Unbound stack docker-compose.yml for Android Private DNS ad filtering
version: '3'

services:
  unbound:
    image: mvance/unbound
    container_name: unbound
    restart: unless-stopped
    networks:
      external:
    ports:
      - 853:853/tcp
      - 853:853/udp
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Unbound needs a trusted root certificates store to validate remote endpoints against. Pull in the host system copy.
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # Unbound needs a persistent place to store and retrieve its configuration.
      - ./unbound:/opt/unbound/etc/unbound
      # Unbound needs a valid certificate and private key to use to encrypt the TLS connections.
      # Pull in LetsEncrypt cert and key **READ ONLY** for DNS-over-TLS hostname(s).
      # Requested by certbot directly on the Docker host. Kept up-to-date via scripted CRON job.
      # The files under live/ are symlinks that Docker resolves when the container starts,
      # so the container must be restarted after a renewal to pick up the new cert and key.
      - /etc/letsencrypt/live/<le-dns.host.name>/fullchain.pem:/etc/ssl/certs/cert.pem:ro
      - /etc/letsencrypt/live/<le-dns.host.name>/privkey.pem:/etc/ssl/certs/key.pem:ro
    environment:
      - TZ=UTC

  dns-over-https:
    image: goofball222/dns-over-https
    container_name: dns-over-https
    restart: unless-stopped
    networks:
      external:
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # DNS-over-HTTPS requires a mapped volume for persistent configuration storage, both client and server.
      - ./dns-over-https:/opt/dns-over-https/conf
    environment:
      - TZ=UTC
    labels:
      - traefik.backend=dns-over-https
      - traefik.frontend.rule=Host:<le-dns.host.name>,<le-dns-alternate.host.name>
      - traefik.port=8053
      - traefik.docker.network=proxy
      - traefik.enable=true

networks:
  # Attach stack to external "proxy" network for Traefik
  external:
    external:
      name: proxy