TimBroddin/docker-compose.yml

## docker-compose.yml
version: "2"
services:
  portainer:
    image: portainer/portainer
    container_name: portainer
    ports:
      - 9000:9000
    labels:
      - "traefik.http.routers.portainer.rule=Host(`portainer.example.com`)"
      - "traefik.http.routers.portainer.tls=true"
      - "traefik.http.routers.portainer.tls.certresolver=certresolver1"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.http.middlewares.portainer.redirectscheme.scheme=https"
      - "traefik.http.middlewares.portainer.redirectscheme.permanent=true"
    volumes:
      - /volume1/docker/portainer:/data
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
  heimdall:
    image: linuxserver/heimdall
    container_name: heimdall
    environment:
      - PUID=1024
      - PGID=101
      - TZ=Europe/Brussels
    labels:
      - "traefik.http.routers.portal.rule=Host(`portal.example.com`)"
      - "traefik.http.routers.portal.tls=true"
      - "traefik.http.routers.portal.tls.certresolver=certresolver1"
      - "traefik.http.middlewares.portal.redirectscheme.scheme=https"
      - "traefik.http.middlewares.portal.redirectscheme.permanent=true"

    volumes:
      - /volume1/docker/heimdall/config:/config
    restart: unless-stopped
  reverse-proxy:
    # The official v2.0 Traefik docker image
    image: traefik:v2.2
    container_name: proxy
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.web-secure.address=:443
      - --certificatesResolvers.certresolver1.acme.dnsChallenge=true
      - --certificatesResolvers.certresolver1.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
      - --certificatesResolvers.certresolver1.acme.email=tim@wannabes.be
      - --certificatesResolvers.certresolver1.acme.storage=/acme.json
      - --certificatesresolvers.certresolver1.acme.dnschallenge.provider=route53
      - --certificatesResolvers.certresolver1.acme.dnsChallenge.delayBeforeCheck=0
      - --api.insecure=true
      - --providers.docker
      - --providers.file.directory=/configuration/
      - --providers.file.watch=true
      - --log.filePath=/logs/traefik.log
      - --log.level=INFO
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/volume1/docker/traefik/configuration/:/configuration/"
      - "/volume1/docker/traefik/logs/:/logs/"
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - AWS_ACCESS_KEY_ID=xxx
      - AWS_SECRET_ACCESS_KEY=xx
      - AWS_REGION=eu-west-1
      - AWS_HOSTED_ZONE_ID=xxx
    labels:
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # global redirect to https
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
      - "traefik.http.routers.traefik.tls.domains[0].main=example.com"
      - "traefik.http.routers.traefik.tls.domains[0].sans=*.example.com"
    extra_hosts:
      - host.docker.internal:192.168.1.2
  plex:
    image: linuxserver/plex:latest
    container_name: "plex"
    volumes:
      - "/volume1/docker/plex:/config:rw"
      - "/volume1/docker/plex/transcode:/transcode:rw"
      - "/volume1/Personal\ Movies:/other-videos:rw"
    environment:
      - VERSION=latest
      - PGID=1024
      - PUID=101
      - TZ=Europe/Brussels
      - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      - HOME=/root
      - LANGUAGE=en_US.UTF-8
      - LANG=en_US.UTF-8
      - TERM=xterm
      - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
      - DEBIAN_FRONTEND=noninteractive
      - PLEX_DOWNLOAD=https://downloads.plex.tv/plex-media-server-new
      - PLEX_ARCH=amd64
      - PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=/config/Library/Application Support
      - PLEX_MEDIA_SERVER_HOME=/usr/lib/plexmediaserver
      - PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS=6
      - PLEX_MEDIA_SERVER_INFO_VENDOR=docker
      - PLEX_MEDIA_SERVER_INFO_DEVICE=Docker Container (LinuxServer.io)
      - PLEX_CLAIM=claim-
    labels:
      - "traefik.http.routers.plex.rule=Host(`plex.example.com`)"
      - "traefik.http.routers.plex.tls=true"
      - "traefik.http.routers.plex.tls.certresolver=certresolver1"
      - "traefik.http.services.plex.loadbalancer.server.port=32400"
      - "traefik.http.middlewares.plex.redirectscheme.scheme=https"
      - "traefik.http.middlewares.plex.redirectscheme.permanent=true"
    devices:
      - "/dev/dri/card0:/dev/dri/card0"
      - "/dev/dri/renderD128:/dev/dri/renderD128"
    privileged: true
    network_mode: "host"
    restart: always
  watchtower:
    image: v2tec/watchtower
    container_name: watchtower
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "WATCHTOWER_POLL_INTERVAL=7200"
  route53-dynamic-dns:
    image: sjmayotte/route53-dynamic-dns:v1.1
    container_name: route53-dynamic-dns
    environment:
      - AWS_ACCESS_KEY_ID=x
      - AWS_SECRET_ACCESS_KEY=x
      - AWS_REGION=eu-west-1
      - ROUTE53_HOSTED_ZONE_ID=x
      - ROUTE53_DOMAIN=example.com
      - ROUTE53_TYPE=A
      - ROUTE53_TTL=60
      - SEND_EMAIL_SES=true
      - SES_TO_ADDRESS=tim@wannabes.be
      - SES_FROM_ADDRESS=tim@wannabes.be
      - UPDATE_FREQUENCY=60000
  pihole:
    container_name: pihole
    image: pihole/pihole:v5.2.1
    networks:
      pihole_network:
        ipv4_address: 192.168.1.4
    volumes:
      - "/volume1/docker/pihole/config:/etc/pihole/"
      - "/volume1/docker/pihole/dnsmasq.d/:/etc/dnsmasq.d/"
    dns:
      - 127.0.0.1
      - 8.8.8.8
    ports:
      - 443/tcp
      - 53/tcp
      - 53/udp
      - 67/udp
      - 80/tcp
    environment:
      TZ: Europe/Brussels
      WEBPASSWORD: xxxx
      ServerIP: 192.168.1.4
    restart: unless-stopped
networks:
  pihole_network:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
          ip_range: 192.168.1.4/24
	version: "2"
	services:
	portainer:
	image: portainer/portainer
	container_name: portainer
	ports:
	- 9000:9000
	labels:
	- "traefik.http.routers.portainer.rule=Host(`portainer.example.com`)"
	- "traefik.http.routers.portainer.tls=true"
	- "traefik.http.routers.portainer.tls.certresolver=certresolver1"
	- "traefik.http.services.portainer.loadbalancer.server.port=9000"
	- "traefik.http.middlewares.portainer.redirectscheme.scheme=https"
	- "traefik.http.middlewares.portainer.redirectscheme.permanent=true"
	volumes:
	- /volume1/docker/portainer:/data
	- /var/run/docker.sock:/var/run/docker.sock
	restart: always
	heimdall:
	image: linuxserver/heimdall
	container_name: heimdall
	environment:
	- PUID=1024
	- PGID=101
	- TZ=Europe/Brussels
	labels:
	- "traefik.http.routers.portal.rule=Host(`portal.example.com`)"
	- "traefik.http.routers.portal.tls=true"
	- "traefik.http.routers.portal.tls.certresolver=certresolver1"
	- "traefik.http.middlewares.portal.redirectscheme.scheme=https"
	- "traefik.http.middlewares.portal.redirectscheme.permanent=true"

	volumes:
	- /volume1/docker/heimdall/config:/config
	restart: unless-stopped
	reverse-proxy:
	# The official v2.0 Traefik docker image
	image: traefik:v2.2
	container_name: proxy
	command:
	- --entrypoints.web.address=:80
	- --entrypoints.web-secure.address=:443
	- --certificatesResolvers.certresolver1.acme.dnsChallenge=true
	- --certificatesResolvers.certresolver1.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
	- --certificatesResolvers.certresolver1.acme.email=tim@wannabes.be
	- --certificatesResolvers.certresolver1.acme.storage=/acme.json
	- --certificatesresolvers.certresolver1.acme.dnschallenge.provider=route53
	- --certificatesResolvers.certresolver1.acme.dnsChallenge.delayBeforeCheck=0
	- --api.insecure=true
	- --providers.docker
	- --providers.file.directory=/configuration/
	- --providers.file.watch=true
	- --log.filePath=/logs/traefik.log
	- --log.level=INFO
	ports:
	- "80:80"
	- "443:443"
	- "8080:8080"
	volumes:
	- "/volume1/docker/traefik/configuration/:/configuration/"
	- "/volume1/docker/traefik/logs/:/logs/"
	- /var/run/docker.sock:/var/run/docker.sock
	environment:
	- AWS_ACCESS_KEY_ID=xxx
	- AWS_SECRET_ACCESS_KEY=xx
	- AWS_REGION=eu-west-1
	- AWS_HOSTED_ZONE_ID=xxx
	labels:
	# middleware redirect
	- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
	# global redirect to https
	- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
	- "traefik.http.routers.redirs.entrypoints=web"
	- "traefik.http.routers.redirs.middlewares=redirect-to-https"
	- "traefik.http.routers.traefik.tls.domains[0].main=example.com"
	- "traefik.http.routers.traefik.tls.domains[0].sans=*.example.com"
	extra_hosts:
	- host.docker.internal:192.168.1.2
	plex:
	image: linuxserver/plex:latest
	container_name: "plex"
	volumes:
	- "/volume1/docker/plex:/config:rw"
	- "/volume1/docker/plex/transcode:/transcode:rw"
	- "/volume1/Personal\ Movies:/other-videos:rw"
	environment:
	- VERSION=latest
	- PGID=1024
	- PUID=101
	- TZ=Europe/Brussels
	- PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	- HOME=/root
	- LANGUAGE=en_US.UTF-8
	- LANG=en_US.UTF-8
	- TERM=xterm
	- NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
	- DEBIAN_FRONTEND=noninteractive
	- PLEX_DOWNLOAD=https://downloads.plex.tv/plex-media-server-new
	- PLEX_ARCH=amd64
	- PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=/config/Library/Application Support
	- PLEX_MEDIA_SERVER_HOME=/usr/lib/plexmediaserver
	- PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS=6
	- PLEX_MEDIA_SERVER_INFO_VENDOR=docker
	- PLEX_MEDIA_SERVER_INFO_DEVICE=Docker Container (LinuxServer.io)
	- PLEX_CLAIM=claim-
	labels:
	- "traefik.http.routers.plex.rule=Host(`plex.example.com`)"
	- "traefik.http.routers.plex.tls=true"
	- "traefik.http.routers.plex.tls.certresolver=certresolver1"
	- "traefik.http.services.plex.loadbalancer.server.port=32400"
	- "traefik.http.middlewares.plex.redirectscheme.scheme=https"
	- "traefik.http.middlewares.plex.redirectscheme.permanent=true"
	devices:
	- "/dev/dri/card0:/dev/dri/card0"
	- "/dev/dri/renderD128:/dev/dri/renderD128"
	privileged: true
	network_mode: "host"
	restart: always
	watchtower:
	image: v2tec/watchtower
	container_name: watchtower
	restart: always
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock
	labels:
	- "WATCHTOWER_POLL_INTERVAL=7200"
	route53-dynamic-dns:
	image: sjmayotte/route53-dynamic-dns:v1.1
	container_name: route53-dynamic-dns
	environment:
	- AWS_ACCESS_KEY_ID=x
	- AWS_SECRET_ACCESS_KEY=x
	- AWS_REGION=eu-west-1
	- ROUTE53_HOSTED_ZONE_ID=x
	- ROUTE53_DOMAIN=example.com
	- ROUTE53_TYPE=A
	- ROUTE53_TTL=60
	- SEND_EMAIL_SES=true
	- SES_TO_ADDRESS=tim@wannabes.be
	- SES_FROM_ADDRESS=tim@wannabes.be
	- UPDATE_FREQUENCY=60000
	pihole:
	container_name: pihole
	image: pihole/pihole:v5.2.1
	networks:
	pihole_network:
	ipv4_address: 192.168.1.4
	volumes:
	- "/volume1/docker/pihole/config:/etc/pihole/"
	- "/volume1/docker/pihole/dnsmasq.d/:/etc/dnsmasq.d/"
	dns:
	- 127.0.0.1
	- 8.8.8.8
	ports:
	- 443/tcp
	- 53/tcp
	- 53/udp
	- 67/udp
	- 80/tcp
	environment:
	TZ: Europe/Brussels
	WEBPASSWORD: xxxx
	ServerIP: 192.168.1.4
	restart: unless-stopped
	networks:
	pihole_network:
	driver: macvlan
	driver_opts:
	parent: eth0
	ipam:
	config:
	- subnet: 192.168.1.0/24
	gateway: 192.168.1.1
	ip_range: 192.168.1.4/24