#Obviously I've redacted the passwords, this is just to have some context provided
# Global Settings
COMPOSE_HTTP_TIMEOUT=60
DOCKERCONFDIR=/opt/docker-compose/my_docker/.config/appdata
DOCKERSTORAGEDIR=/grimoire/data
DOCKERNEXTCLOUDDIR=/grimoire/nextcloud
CLIENT_NEXTCLOUD_DIR=/var/www/html/data
DOCKERDIR=/opt/docker-compose/my_docker
DOCKERNFSDIR=/grimoire/nfs/samba
DOCKERLOGGING_MAXFILE=10
DOCKERLOGGING_MAXSIZE=200k
PUID=1000
PGID=1000
DOCKERGID=998
TZ=America/New_York
DOCKERHOSTNAME=[redacted]
DOMAINNAME=[redacted]
CLOUDFLARE_EMAIL=[redacted]
CLOUDFLARE_API_KEY=[redacted]
APACHE_DISABLE_REWRITE_IP=1
OVERWRITEPROTOCOL=https
OVERWRITECLIURL=[redacted]
DEFAULT_USER=[redacted]
DEFAULT_PASSWORD=[redacted]
ADMIN_EMAIL=[redacted]
SIMPLE_USER=[redacted]
SIMPLE_PASS=[redacted]
VPN_TYPE=openvpn
LAN_NETWORK=192.168.50.0/24
TRUSTED_PROXIES=192.168.70.0/24
UMASK=022
AdGuard, Sonarr, everything, is inaccessible on LAN. At the bottom I'll have a link to my
gist that shows a brief version of my docker compose file, and other relevant output. I currently use many services
that all use the same docker-compose.yml file (I know that's frowned upon). They've all
been working, and I've been adding one service at a time to it. I added AdGuard, and now
that I followed this two step process of writing the compose file, I've got it up and running.
If I'm connected to a different network, my services are functioning. My router allows me to
plug in an IP address for DNS, so I've specified the HOST's local IP, 192.168.50.112. Lot
less ads, and I'm passing adTests on different webpages, but serviceName.myDomain.com no longer works.
I did know to go to DNS ReWrite's Settings, and added myDomain.com & *.myDomain.com pointing to the publicIP (making sure
I still have the right one). It now seems to be seeing the right webpage, but my browser (Firefox / FireDragon) warns me
that the webpage is set to use HSTS, and therefore can't show me the contents with a self-signed cert. I'm using Traefik
for that part though, it should be fine, I've been using SSL fine before AdGuard and I obviously am when on non-LAN
network. So okay, I went and ran these lego commands with my Cloudflare API key & stuff, got a .key file and .crt file
that I then bind mounted to AdGuard, used my phone to specify those two files under the encryption settings, and boom, no
change that I see. Any other ideas?
version: "3.7"
############################# NETWORKS
networks:
  m2_proxy:
    external:
      name: m2_proxy
  default:
    driver: bridge
############################# SERVICES
services:
  #Traefik 2 - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:2.2.1
    restart: unless-stopped
    command:
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=false
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
      - --entryPoints.traefik.address=:8080
      - --api=true
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=m2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
      # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
    networks:
      - m2_proxy
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - $DOCKERDIR/traefik2/rules:/rules
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $DOCKERDIR/traefik2/acme/acme.json:/acme.json
      - $DOCKERDIR/traefik2/traefik.log:/traefik.log
      - $DOCKERDIR/shared:/shared
    environment:
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      # - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"
  radarr:
    container_name: radarr
    image: cr.hotio.dev/hotio/radarr:latest
    restart: unless-stopped
    logging:
      driver: json-file
    networks:
      - m2_proxy
    ports:
      - 7878:7878
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
    volumes:
      - $DOCKERDIR/traefik2/rules:/rules
      - /etc/localtime:/etc/localtime:ro
      - $DOCKERCONFDIR/radarr:/config
      - $DOCKERSTORAGEDIR:/data
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.radarr-rtr.entrypoints=https"
      - "traefik.http.routers.radarr-rtr.rule=Host(`radarr.$DOMAINNAME`)"
      - "traefik.http.routers.radarr-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.radarr-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.radarr-rtr.service=radarr-svc"
      - "traefik.http.services.radarr-svc.loadbalancer.server.port=7878"
  #Plex - Media Application
  plex:
    container_name: plex
    image: linuxserver/plex:latest
    restart: always
    privileged: true
    networks:
      - m2_proxy
    ports:
      - "32400:32400"
      - "32400:32400/udp"
      - "32469:32469"
      - "32469:32469/udp"
      - "5353:5353/udp"
      - "1900:1900/udp"
    security_opt:
      - no-new-privileges:true
    volumes:
      - $DOCKERCONFDIR/plex:/config
      - $DOCKERSTORAGEDIR/media:/data/media
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      VERSION: $PLEX_VERSION
      PLEX_CLAIM: $PLEX_CLAIM
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.tv.entrypoints=http"
      - "traefik.http.routers.tv.rule=Host(`tv.$DOMAINNAME`)"
      - "traefik.http.middlewares.tv-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.tv.middlewares=tv-https-redirect"
      - "traefik.http.routers.tv-secure.entrypoints=https"
      - "traefik.http.routers.tv-secure.rule=Host(`tv.$DOMAINNAME`)"
      - "traefik.http.routers.tv-secure.tls=true"
      - "traefik.http.routers.tv-secure.service=tv"
      - "traefik.http.services.tv.loadbalancer.server.port=32400"
  adguard:
    container_name: adguard
    image: adguard/adguardhome
    networks:
      - m2_proxy
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "853:853/tcp"
    restart: always
    volumes:
      - $DOCKERCONFDIR/adguard_data:/opt/adguardhome/work
      - $DOCKERCONFDIR/adguard_config:/opt/adguardhome/conf
      - $DOCKERCONFDIR/adguard_cert/lego:/opt/lego
      - $DOCKERDIR/traefik2/rules:/rules
      - $DOCKERDIR/traefik2/acme/acme.json:/acme.json
      - $DOCKERDIR/shared:/shared
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.adguard.entrypoints=http"
      - "traefik.http.routers.adguard.rule=Host(`adguard.$DOMAINNAME`)"
      - "traefik.http.middlewares.adguard-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.adguard.middlewares=adguard-https-redirect"
      - "traefik.http.routers.adguard-secure.entrypoints=https"
      - "traefik.http.routers.adguard-secure.rule=Host(`adguard.$DOMAINNAME`)"
      - "traefik.http.routers.adguard-secure.tls=true"
      - "traefik.http.routers.adguard-secure.service=adguard"
      - "traefik.http.services.adguard.loadbalancer.server.port=3000"
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8a59cc5a6d66 adguard/adguardhome "/opt/adguardhome/Ad…" 21 minutes ago Up 21 minutes 80/tcp, 67-68/udp, 443/udp, 784/udp, 0.0.0.0:53->53/tcp, :::53->53/tcp, 443/tcp, 853/udp, 3000-3001/tcp, 3000-3001/udp, 5443/tcp, 5443/udp, 0.0.0.0:853->853/tcp, 0.0.0.0:53->53/udp, :::853->853/tcp, :::53->53/udp, 8853/udp, 6060/tcp adguard
017de7d71b7a filebrowser/filebrowser "/filebrowser" 4 days ago Up 6 hours (healthy) 0.0.0.0:3443->80/tcp, :::3443->80/tcp filebrowser
aa6e1bdf5846 binhex/arch-qbittorrentvpn:latest "/usr/bin/tini -g --…" 4 days ago Up 6 hours 8080/tcp, 0.0.0.0:6881->6881/tcp, 0.0.0.0:6881->6881/udp, :::6881->6881/tcp, :::6881->6881/udp, 8118/tcp, 0.0.0.0:6080->9080/tcp, :::6080->9080/tcp qbittorrentvpn
e11a26d67d86 cr.hotio.dev/hotio/bazarr:latest "/init" 3 weeks ago Up 6 hours 0.0.0.0:6767->6767/tcp, :::6767->6767/tcp bazarr
9f957ea3d102 cr.hotio.dev/hotio/radarr:latest "/init" 3 weeks ago Up 6 hours 0.0.0.0:7878->7878/tcp, :::7878->7878/tcp radarr
2dd5278372aa nextcloud:apache "/entrypoint.sh apac…" 3 weeks ago Up 6 hours 0.0.0.0:2080->80/tcp, :::2080->80/tcp cloud
dad227b7fa8d nextcloud:apache "/cron.sh" 3 weeks ago Up 6 hours 80/tcp cloud_cron
bed4895bd0e8 lscr.io/linuxserver/prowlarr:develop "/init" 3 weeks ago Up 6 hours 0.0.0.0:9696->9696/tcp, :::9696->9696/tcp prowlarr
2d465eb892ca cr.hotio.dev/hotio/sabnzbd:latest "/init" 3 weeks ago Up 6 hours 0.0.0.0:9090->9090/tcp, :::9090->9090/tcp, 0.0.0.0:9080->8080/tcp, :::9080->8080/tcp sabnzbd
265c20e670dd mariadb:latest "docker-entrypoint.s…" 3 weeks ago Up 6 hours 3306/tcp cloud_db
de85997e6905 cr.hotio.dev/hotio/sonarr:latest "/init" 3 weeks ago Up 6 hours 0.0.0.0:8989->8989/tcp, :::8989->8989/tcp sonarr
1c24525ee2d6 linuxserver/mariadb:latest "/init" 3 weeks ago Up 6 hours 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp mariadb
cc91ac17c911 organizr/organizr:latest "/init" 3 weeks ago Up 6 hours (healthy) 80/tcp, 443/tcp organizr
1f4aa7c7ed35 redis:alpine "docker-entrypoint.s…" 3 weeks ago Up 6 hours 6379/tcp cloud_redis
b3ef26d2d9ac linuxserver/plex:latest "/init" 3 weeks ago Up 6 hours 0.0.0.0:1900->1900/udp, :::1900->1900/udp, 3005/tcp, 0.0.0.0:5353->5353/udp, :::5353->5353/udp, 32410/udp, 0.0.0.0:32400->32400/tcp, 0.0.0.0:32400->32400/udp, :::32400->32400/tcp, :::32400->32400/udp, 0.0.0.0:32469->32469/udp, :::32469->32469/udp, 8324/tcp, 0.0.0.0:32469->32469/tcp, :::32469->32469/tcp, 32412-32414/udp plex
4a4227527470 traefik:2.2.1 "/entrypoint.sh --gl…" 3 weeks ago Up 6 hours 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp traefik
a8257bced68a lscr.io/linuxserver/heimdall "/init" 3 weeks ago Up 6 hours 443/tcp, 0.0.0.0:4080->80/tcp, :::4080->80/tcp heimdall
9ef638f7c9ae portainer/portainer:latest "/portainer -H unix:…" 3 weeks ago Up 6 hours 9000/tcp portainer
ls -althr ./ .config/appdata/ .config/appdata/adguard_cert/lego/ traefik2/ traefik2/acme/ traefik2/rules/
traefik2/acme/:
total 24K
drwxrwxr-x+ 2 james james 4.0K Apr 2 04:36 .
drwxrwxr-x+ 4 james james 4.0K Apr 2 04:39 ..
-rw-------+ 1 james james 16K Apr 16 20:21 acme.json
traefik2/:
total 3.4M
drwxrwxr-x+ 2 james james 4.0K Apr 2 04:36 acme
drwxrwxr-x+ 4 james james 4.0K Apr 2 04:39 .
drwxrwxr-x+ 2 james james 4.0K Apr 16 20:29 rules
drwxrwxr-x+ 8 root root 4.0K May 9 21:05 ..
-rwxrwxr-x+ 1 james james 3.4M May 9 21:28 traefik.log
traefik2/rules/:
total 20K
-rwxrwxr-x+ 1 james james 1.9K Apr 2 04:38 middlewares.toml
-rwxrwxr-x+ 1 james james 364 Apr 2 04:38 middleware-chains.toml
drwxrwxr-x+ 4 james james 4.0K Apr 2 04:39 ..
-rw-rw-r--+ 1 james james 538 Apr 16 20:20 app-filebrowser.toml
drwxrwxr-x+ 2 james james 4.0K Apr 16 20:29 .
.config/appdata/:
total 104K
drwxr-xr-x+ 3 root root 4.0K Apr 2 15:31 ..
drwxrwxr-x+ 5 james docker 4.0K Apr 2 15:31 sabnzbd
drwxr-xr-x+ 9 james docker 4.0K Apr 2 18:03 heimdall
drwxr-xr-x+ 5 james docker 4.0K Apr 2 18:26 plex
drwxr-xr-x+ 2 root root 4.0K Apr 3 02:18 apache
drwxrwxr-x+ 9 james docker 4.0K Apr 3 03:00 bazarr
drwxr-xr-x+ 5 james docker 4.0K Apr 3 16:55 jackett
drwxr-xr-x+ 14 www-data root 4.0K Apr 10 01:19 nextcloud
drwxr-xr-x+ 2 root root 4.0K Apr 10 01:23 apache_conf
drwxr-xr-x+ 4 root root 4.0K Apr 10 01:23 cloud_apache
drwxr-xr-x+ 2 root root 4.0K Apr 10 01:26 httpd_cloud
drwxr-xr-x+ 3 root root 4.0K Apr 12 11:53 samba
drwxrwxr-x+ 2 james james 4.0K Apr 16 21:31 filebrowser1
drwxrwxr-x+ 2 james james 4.0K Apr 16 21:44 filebrowser2
drwxr-xr-x+ 2 root root 4.0K Apr 16 22:42 etc-dnsmasq.d
drwxrwxr-x+ 3 systemd-coredump systemd-coredump 4.0K Apr 16 22:49 etc-pihole
drwxr-xr-x+ 2 root root 4.0K Apr 17 02:46 filebrowser
drwxrwxr-x+ 4 james docker 4.0K May 4 22:45 qbittorrentvpn
drwxr-xr-x+ 3 root root 4.0K May 8 18:15 adguard_data
drwxr-xr-x+ 6 systemd-coredump systemd-coredump 4.0K May 9 15:03 cloud_db
drwxr-xr-x+ 26 root root 4.0K May 9 20:53 .
drwxrwxr-x+ 4 root root 4.0K May 9 20:56 adguard_cert
drwxrwxr-x+ 6 james docker 4.0K May 9 20:58 radarr
drwxr-xr-x+ 2 root root 4.0K May 9 21:06 adguard_config
drwxrwxr-x+ 6 james docker 4.0K May 9 21:21 sonarr
drwxr-xr-x+ 8 james docker 4.0K May 9 21:21 prowlarr
.config/appdata/adguard_cert/lego/:
total 50M
-rw-r--r--+ 1 sora docker 1.1K Jan 19 12:55 LICENSE
-rw-r--r--+ 1 sora docker 31K Jan 19 12:55 CHANGELOG.md
-rwxr-xr-x+ 1 sora docker 39M Jan 19 13:16 lego
drwxrwxr-x+ 4 root root 4.0K May 9 20:56 ..
-rwxrwxr-x+ 1 root root 8.5K May 9 20:56 lego.sh
-rw-rw-r--+ 1 root root 11M May 9 21:03 lego.tar.gz
drwx------+ 4 root root 4.0K May 9 21:03 .lego
-rw-------+ 1 root root 227 May 9 21:03 leviathanj.com.key
-rw-------+ 1 root root 3.4K May 9 21:03 leviathanj.com.crt
drwxrwxr-x+ 3 root root 4.0K May 9 21:03 .
./:
total 56K
drwxrwxr-x+ 2 james james 4.0K Apr 2 04:37 shared
drwxrwxr-x+ 4 james james 4.0K Apr 2 04:39 traefik2
drwxr-xr-x+ 3 root root 4.0K Apr 2 15:31 .config
drwxr-xr-x+ 3 root root 4.0K Apr 2 15:31 mariadb
drwxr-xr-x+ 3 root root 4.0K Apr 2 15:31 portainer
drwxr-xr-x+ 7 james docker 4.0K Apr 2 15:31 organizr
drwxrwxr-x+ 5 root root 4.0K Apr 16 23:18 ..
-rwxrwxr-x+ 1 james james 1.7K May 8 19:23 .env
-rwxrwxr-x+ 1 james james 19K May 9 21:05 docker-compose.yml
drwxrwxr-x+ 8 root root 4.0K May 9 21:05 .