Last active
October 30, 2022 19:51
-
-
Save lj020326/c24f2f642ea6b3014836f0cae845b9d9 to your computer and use it in GitHub Desktop.
docker-compose for traefik media stack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Reference: https://www.smarthomebeginner.com/docker-home-media-server-2018-basic | |
#Requirement: Set environmental variables: USERDIR, PUID, PGID, MYSQL_ROOT_PASSWORD, and TZ as explained in the reference. | |
## openvpn docker-media-node | |
## ref: https://github.com/mandreko/media-server/blob/master/docker-compose.yml | |
version: "3.6" | |
networks: | |
vpn: | |
external: | |
name: vpn | |
traefik-public: | |
external: true | |
default: | |
driver: bridge | |
## ref: https://github.com/stefanprodan/swarmprom/blob/master/docker-compose.traefik.yml | |
net: | |
# driver: overlay | |
external: false | |
attachable: true | |
# internal: | |
# external: false | |
# attachable: true | |
volumes: | |
prometheus: {} | |
grafana: {} | |
alertmanager: {} | |
keycloak_data: {} | |
# postgres_data: | |
# driver: local | |
# ldap: | |
# driver: local | |
# gitea: | |
# driver: local | |
configs: | |
dockerd_config: | |
file: ./dockerd-exporter/Caddyfile | |
node_rules: | |
file: ./prometheus/rules/swarm_node.rules.yml | |
task_rules: | |
file: ./prometheus/rules/swarm_task.rules.yml | |
services: | |
######### FRONTENDS ########## | |
# Traefik Reverse Proxy | |
traefik: | |
hostname: traefik | |
# image: traefik:latest | |
# image: traefik:v2.0.0 | |
image: traefik:v1.7 | |
container_name: traefik | |
restart: always | |
domainname: {{ external_domainname }} | |
networks: | |
- default | |
- traefik-public | |
ports: | |
- "80:80" | |
- "443:443" | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
- CLOUDFLARE_EMAIL={{ cloudflare_email }} | |
- CLOUDFLARE_API_KEY={{ cloudflare_apikey }} | |
- CF_API_EMAIL={{ cloudflare_email }} | |
- CF_API_KEY={{ cloudflare_apikey }} | |
volumes: | |
- /var/run/docker.sock:/var/run/docker.sock:ro | |
- {{ mediaserver_config_dir }}/traefik:/etc/traefik | |
- {{ mediaserver_config_dir }}/shared:/shared | |
- {{ mediaserver_config_dir }}/traefik/certs:/certs | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=traefik" | |
# - "traefik.frontend.rule=Host:traefik.{{ external_domainname }},traefik.{{ internal_domainname }}" | |
- "traefik.frontend.rule=Host:traefik.{{ internal_domainname }}" | |
- "traefik.port=8080" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
#Portainer - WebUI for Containers | |
portainer: | |
image: portainer/portainer | |
container_name: portainer | |
restart: always | |
command: -H unix:///var/run/docker.sock | |
environment: | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
volumes: | |
- /var/run/docker.sock:/var/run/docker.sock | |
- {{ mediaserver_config_dir }}/portainer/data:/data | |
- {{ mediaserver_config_dir }}/shared:/shared | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=portainer" | |
- "traefik.frontend.rule=Host:portainer.{{ internal_domainname }}" | |
- "traefik.port=9000" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
# Heimdall - unified Web interface | |
## ref: https://git.sogenius.io/hos/mediaflix/blob/master/docker-compose.yml | |
heimdall: | |
image: linuxserver/heimdall | |
container_name: heimdall | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
volumes: | |
- {{ mediaserver_config_dir }}/heimdall:/config | |
- {{ mediaserver_config_dir }}/shared:/shared | |
# ports: | |
# - 80:80 | |
# - 443:443 | |
# mem_limit: 4096m | |
restart: unless-stopped | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=heimdall" | |
- "traefik.frontend.rule=Host:heimdall.{{ external_domainname }},{{ external_domainname }}" | |
- "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
# - "traefik.port=80" | |
- "traefik.port=443" | |
- "traefik.protocol=https" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
## internal | |
heimdall-internal: | |
image: linuxserver/heimdall | |
container_name: heimdall-internal | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
volumes: | |
- {{ mediaserver_config_dir }}/heimdall-int:/config | |
- {{ mediaserver_config_dir }}/shared:/shared | |
restart: unless-stopped | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=heimdall-internal" | |
- "traefik.frontend.rule=Host:heimdall.{{ internal_domainname }}" | |
- "traefik.port=443" | |
- "traefik.protocol=https" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
### Organizer - Unified HTPC/Home Server Web Interface | |
# ## basic auth enabled | |
# ## ref: https://github.com/containous/traefik/issues/3673 | |
# organizr: | |
# container_name: organizr | |
# restart: always | |
# image: lsiocommunity/organizr | |
# environment: | |
# - PUID={{ docker_user_uid }} | |
# - PGID={{ docker_user_gid }} | |
# - TZ={{ timezone }} | |
# networks: | |
# - traefik-public | |
# volumes: | |
# - {{ mediaserver_config_dir }}/organizr:/config | |
# - {{ mediaserver_config_dir }}/shared:/shared | |
# labels: | |
# - "traefik.enable=true" | |
# - "traefik.backend=organizr" | |
# - "traefik.frontend.rule=Host:organizr.{{ internal_domainname }}" | |
## - "traefik.frontend.rule=Host:organizr.{{ external_domainname }},organizr.{{ internal_domainname }}" | |
## - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefixStrip: /organizr" | |
## - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
# - "traefik.port=80" | |
# - "traefik.docker.network=traefik-public" | |
# - "traefik.frontend.headers.SSLRedirect=true" | |
# - "traefik.frontend.headers.STSSeconds=315360000" | |
## - "traefik.frontend.headers.browserXSSFilter=true" | |
# - "traefik.frontend.headers.contentTypeNosniff=true" | |
## - "traefik.frontend.headers.forceSTSHeader=true" | |
# - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
# - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
# - "traefik.frontend.headers.STSPreload=true" | |
# - "traefik.frontend.headers.frameDeny=true" | |
# WebUI for MariaDB | |
phpmyadmin: | |
hostname: phpmyadmin | |
container_name: phpmyadmin | |
image: phpmyadmin/phpmyadmin | |
restart: always | |
links: | |
- mariadb:db | |
ports: | |
- {{ phpmyadmin_port }}:80 | |
environment: | |
- PMA_HOST=mariadb | |
- MYSQL_ROOT_PASSWORD={{ mysql_root_password }} | |
networks: | |
- traefik-public | |
- default | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=pma" | |
- "traefik.frontend.rule=Host:pma.{{ internal_domainname }}" | |
- "traefik.port=80" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
######### DOCKER RELATED ########## | |
# Watchtower - Automatic Update of Containers/Apps | |
watchtower: | |
container_name: watchtower | |
hostname: watchtower | |
restart: always | |
image: v2tec/watchtower | |
volumes: | |
- /var/run/docker.sock:/var/run/docker.sock | |
command: --schedule "0 0 4 * * *" --cleanup | |
######### SMART HOME APPS ########## | |
# Home Assistant - Smart Home Hub | |
# homeassistant: | |
# container_name: homeassistant | |
# restart: always | |
# image: homeassistant/home-assistant | |
# devices: | |
# - /dev/ttyUSB0:/dev/ttyUSB0 | |
# - /dev/ttyUSB1:/dev/ttyUSB1 | |
# - /dev/ttyACM0:/dev/ttyACM0 | |
# mem_limit: 300m | |
# privileged: true | |
# environment: | |
# - PUID={{ docker_user_uid }} | |
# - PGID={{ docker_user_gid }} | |
# - TZ={{ timezone }} | |
# networks: | |
# - traefik-public | |
# - default | |
# volumes: | |
# - {{ mediaserver_config_dir }}/homeassistant:/config | |
# - /etc/localtime:/etc/localtime:ro | |
# - {{ mediaserver_config_dir }}/shared:/shared | |
# labels: | |
# - "traefik.enable=true" | |
# - "traefik.backend=homeassistant" | |
# - "traefik.frontend.rule=Host:hass.{{ external_domainname }},hass.{{ internal_domainname }}" | |
# - "traefik.port=8123" | |
# - "traefik.docker.network=traefik-public" | |
# - "traefik.frontend.headers.SSLRedirect=true" | |
# - "traefik.frontend.headers.STSSeconds=315360000" | |
# - "traefik.frontend.headers.browserXSSFilter=true" | |
# - "traefik.frontend.headers.contentTypeNosniff=true" | |
# - "traefik.frontend.headers.forceSTSHeader=true" | |
# - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
# - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
# - "traefik.frontend.headers.STSPreload=true" | |
# - "traefik.frontend.headers.frameDeny=true" | |
######### DOWNLOADERS ########## | |
## TODO: replace this with separate openvpn container that can be used for transmission/sabnzbd/etc | |
## ref: see response #8 here: | |
## https://plexguide.com/threads/howto-use-single-and-central-vpn-container-for-all-your-other-apps.2563/ | |
## ref: https://github.com/bubuntux/nordvpn (no longer works with this traefik docker-compose config) | |
## ref: https://forum.openmediavault.org/index.php/Thread/22164-Running-containers-through-an-OpenVPN-container/ | |
## ref: https://raw.githubusercontent.com/dperson/openvpn-client/master/docker-compose.yml | |
## ref: https://registry.hub.docker.com/r/bubuntux/nordvpn/tags | |
## ref: https://github.com/azinchen/nordvpn | |
openvpn: | |
# image: bubuntux/nordvpn:latest | |
image: azinchen/nordvpn:latest | |
container_name: openvpn | |
cap_add: | |
- net_admin | |
dns: | |
- 8.8.4.4 | |
- 8.8.8.8 | |
restart: unless-stopped | |
devices: | |
- /dev/net/tun | |
networks: | |
- vpn | |
ports: | |
- "{{ openvpn_http_port }}:80" | |
- "{{ transmission_port }}:9091" | |
- "{{ sabnzbd_port }}:8080" | |
environment: | |
- USER={{ openvpn_username }} | |
- PASS={{ openvpn_password }} | |
- COUNTRY=United_States | |
- CATEGORY=P2P | |
- NETWORK=192.168.0.0/16 | |
- TZ={{ timezone }} | |
# - PROTOCOL=UDP | |
- OPENVPN_OPTS=--pull-filter ignore "ping-restart" --ping-exit 180 | |
## ref: https://plexguide.com/threads/howto-use-single-and-central-vpn-container-for-all-your-other-apps.2563/ (works) | |
## ref: https://github.com/gwmullin/docker_stuff/blob/master/docker-compose.yml | |
## ref: https://hub.docker.com/r/dperson/transmission/ | |
transmission: | |
image: dperson/transmission | |
container_name: transmission | |
depends_on: | |
- openvpn | |
restart: always | |
environment: | |
- USERID={{ docker_user_uid }} | |
- GROUPID={{ docker_user_gid }} | |
- TRUSER={{ transmission_rpc_username }} | |
- TRPASSWD={{ transmission_rpc_password }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
- vpn | |
volumes: | |
- {{ mediaserver_downloads }}:/var/lib/transmission-daemon/downloads | |
- {{ mediaserver_config_dir }}/transmission:/var/lib/transmission-daemon/info | |
- {{ mediaserver_downloads }}:/downloads | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=transmission" | |
- "traefik.frontend.rule=Host:transmission.{{ internal_domainname }}" | |
- "traefik.port=9091" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
# SABnzbd – Usenet (NZB) Downloader | |
sabnzbd: | |
image: linuxserver/sabnzbd | |
container_name: sabnzbd | |
depends_on: | |
- openvpn | |
restart: always | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
- vpn | |
volumes: | |
- {{ mediaserver_config_dir }}/sabnzbd:/config | |
# - {{ mediaserver_downloads_complete }}:/downloads | |
- {{ mediaserver_downloads }}:/downloads | |
- {{ mediaserver_downloads_incomplete }}:/incomplete-downloads | |
- {{ mediaserver_config_dir }}/shared:/shared | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=sabnzbd" | |
- "traefik.frontend.rule=Host:sabnzbd.{{ internal_domainname }}" | |
- "traefik.port=8080" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
healthcheck: | |
test: ["CMD", "curl", "-f", "http://localhost:8080"] | |
interval: 60s | |
timeout: 15s | |
retries: 3 | |
start_period: 120s | |
# nzbget: | |
# image: linuxserver/nzbget | |
# container_name: nzbget | |
## volumes: | |
## - /opt/appdata/nzbget/config:/config | |
## - /opt/downloads:/downloads | |
## - /mnt/disk1/downloads/complete:/downloads/complete | |
## ports: | |
## - 27020:6789 | |
# depends_on: | |
# - openvpn | |
# restart: always | |
# environment: | |
# - PUID={{ docker_user_uid }} | |
# - PGID={{ docker_user_gid }} | |
# - TZ={{ timezone }} | |
# networks: | |
# - traefik-public | |
# - vpn | |
# volumes: | |
# - {{ mediaserver_config_dir }}/sabnzbd:/config | |
# - {{ mediaserver_downloads }}:/downloads | |
# - {{ mediaserver_downloads_complete }}:/downloads/complete | |
# labels: | |
# - "traefik.enable=true" | |
# - "traefik.backend=nzbget" | |
# - "traefik.frontend.rule=Host:nzbget.{{ internal_domainname }}" | |
# - "traefik.port=6789" | |
# - "traefik.docker.network=traefik-public" | |
# - "traefik.frontend.headers.SSLRedirect=true" | |
# - "traefik.frontend.headers.STSSeconds=315360000" | |
# - "traefik.frontend.headers.browserXSSFilter=true" | |
# - "traefik.frontend.headers.contentTypeNosniff=true" | |
# - "traefik.frontend.headers.forceSTSHeader=true" | |
# - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
# - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
# - "traefik.frontend.headers.STSPreload=true" | |
# - "traefik.frontend.headers.frameDeny=true" | |
######### PERSONAL VIDEO RECORDERS ########## | |
# CouchPotato – Movie Download and Management (Alternative) | |
couchpotato: | |
image: "linuxserver/couchpotato" | |
hostname: couchpotato | |
container_name: "couchpotato" | |
restart: "unless-stopped" | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- UMASK_SET=002 | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
volumes: | |
- {{ mediaserver_config_dir }}/couchpotato:/config | |
- {{ mediaserver_downloads }}:/downloads | |
- {{ mediaserver_media_movies_path }}:/movies | |
- {{ mediaserver_config_dir }}/shared:/shared | |
- {{ mediaserver_remote_path }}:/remote_media | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=couchpotato" | |
- "traefik.frontend.rule=Host:couchpotato.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefix: /sabnzbd" | |
# - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
- "traefik.port=5050" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
# Sonarr – TV Show Download and Management | |
sonarr: | |
image: "linuxserver/sonarr" | |
hostname: sonarr | |
container_name: "sonarr" | |
depends_on: | |
- transmission | |
- sabnzbd | |
# ports: | |
# - "XXXX:8989" | |
restart: "unless-stopped" | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
- vpn | |
volumes: | |
- {{ mediaserver_config_dir }}/sonarr:/config | |
- {{ mediaserver_downloads }}:/downloads | |
- {{ mediaserver_media_tv_path }}:/tv | |
- {{ mediaserver_config_dir }}/shared:/shared | |
- {{ mediaserver_remote_path }}:/remote_media | |
- {{ mediaserver_scripts_dir }}:/scripts | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=sonarr" | |
# - "traefik.frontend.rule=Host:sonarr.{{ external_domainname }},sonarr.{{ internal_domainname }}" | |
- "traefik.frontend.rule=Host:sonarr.{{ internal_domainname }}" | |
- "traefik.port=8989" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
# Radarr – Movie Download and Management | |
radarr: | |
image: "linuxserver/radarr" | |
container_name: "radarr" | |
depends_on: | |
- transmission | |
- sabnzbd | |
# mem_limit: 500m | |
# ports: | |
# - "XXXX:7878" | |
restart: "unless-stopped" | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
volumes: | |
- {{ mediaserver_config_dir }}/radarr:/config | |
- {{ mediaserver_downloads }}:/downloads | |
- {{ mediaserver_media_movies_path }}:/movies | |
- "/etc/localtime:/etc/localtime:ro" | |
- {{ mediaserver_config_dir }}/shared:/shared | |
- {{ mediaserver_remote_path }}:/remote_media | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=radarr" | |
# - "traefik.frontend.rule=Host:radarr.{{ external_domainname }},radarr.{{ internal_domainname }}" | |
- "traefik.frontend.rule=Host:radarr.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /radarr" | |
- "traefik.port=7878" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
#LIDARR - Music Download and Management | |
lidarr: | |
image: "linuxserver/lidarr" | |
# image: "linuxserver/lidarr:master" | |
# image: "linuxserver/lidarr:preview" | |
hostname: lidarr | |
container_name: "lidarr" | |
depends_on: | |
- transmission | |
- sabnzbd | |
# mem_limit: 300m | |
restart: "unless-stopped" | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
volumes: | |
- {{ mediaserver_config_dir }}/lidarr:/config | |
- {{ mediaserver_downloads }}:/downloads | |
- {{ mediaserver_media_music_path }}:/music | |
- "/etc/localtime:/etc/localtime:ro" | |
- {{ mediaserver_config_dir }}/shared:/shared | |
- {{ mediaserver_remote_path }}:/remote_media | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=lidarr" | |
# - "traefik.frontend.rule=Host:lidarr.{{ external_domainname }},lidarr.{{ internal_domainname }}" | |
- "traefik.frontend.rule=Host:lidarr.{{ internal_domainname }}" | |
- "traefik.port=8686" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
## Medusa – TV Show Download and Management (Alternative) | |
# medusa: | |
# image: "linuxserver/medusa" | |
# hostname: medusa | |
# container_name: medusa | |
# depends_on: | |
# - transmission | |
# - sabnzbd | |
# restart: always | |
# environment: | |
# - PUID={{ docker_user_uid }} | |
# - PGID={{ docker_user_gid }} | |
# - TZ={{ timezone }} | |
# networks: | |
# - traefik-public | |
# volumes: | |
# - {{ mediaserver_config_dir }}/medusa:/config | |
## - {{ mediaserver_downloads_complete }}:/downloads | |
# - {{ mediaserver_downloads }}:/downloads | |
# - {{ mediaserver_media_tv_path }}:/tv | |
# - {{ mediaserver_config_dir }}/shared:/shared | |
# labels: | |
# - "traefik.enable=true" | |
# - "traefik.backend=medusa" | |
# - "traefik.frontend.rule=Host:medusa.{{ external_domainname }},medusa.{{ internal_domainname }}" | |
## - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefix: /medusa" | |
# - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
# - "traefik.port=8081" | |
# - "traefik.docker.network=traefik-public" | |
# - "traefik.frontend.headers.SSLRedirect=true" | |
# - "traefik.frontend.headers.STSSeconds=315360000" | |
# - "traefik.frontend.headers.browserXSSFilter=true" | |
# - "traefik.frontend.headers.contentTypeNosniff=true" | |
# - "traefik.frontend.headers.forceSTSHeader=true" | |
## - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
# - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
# - "traefik.frontend.headers.STSPreload=true" | |
# - "traefik.frontend.headers.frameDeny=true" | |
######### Converter ########## | |
# MakeMKV – MakeMKV is a format converter, otherwise called "transcoder". | |
# It converts the video clips from proprietary (and usually encrypted) disc into a set of MKV files, | |
# preserving most information but not changing it in any way. | |
# The MKV format can store multiple video/audio tracks with all meta-information and preserve chapters. | |
# ref: https://github.com/jlesage/docker-makemkv | |
makemkv: | |
image: "jlesage/makemkv" | |
hostname: makemkv | |
container_name: "makemkv" | |
restart: "unless-stopped" | |
environment: | |
- USER_ID={{ docker_user_uid }} | |
- GROUP_ID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
volumes: | |
# - "/docker/appdata/makemkv:/config:rw" | |
# - "$HOME:/storage:ro" | |
# - "$HOME/MakeMKV/output:/output:rw" | |
- {{ mediaserver_config_dir }}/makemkv:/config:rw | |
- {{ mediaserver_downloads }}:/storage:ro | |
- {{ mediaserver_media_path }}/makemkv/output:/output:rw | |
# devices: | |
# - "/dev/sr0:/dev/sr0" | |
# - "/dev/sg2:/dev/sg2" | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=makemkv" | |
# - "traefik.frontend.rule=Host:makemkv.{{ external_domainname }},makemkv.{{ internal_domainname }}" | |
- "traefik.frontend.rule=Host:makemkv.{{ internal_domainname }}" | |
- "traefik.port=5800" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
######### MEDIA SERVER APPS ########## | |
## Plex Media Server | |
# plexms: | |
# container_name: plexms | |
# restart: always | |
# image: plexinc/pms-docker | |
# volumes: | |
# - {{ mediaserver_config_dir }}/plex:/config | |
# - /tmp:/transcode | |
# - {{ mediaserver_media_path }}:/media | |
# - {{ mediaserver_config_dir }}/shared:/shared | |
## - ${USERDIR}/docker/plexms:/config | |
## - ${USERDIR}/Downloads/plex_tmp:/transcode | |
## - /media/media:/media | |
## - ${USERDIR}/docker/shared:/shared | |
# ports: | |
# - "32400:32400/tcp" | |
# - "3005:3005/tcp" | |
# - "8324:8324/tcp" | |
# - "32469:32469/tcp" | |
# - "1900:1900/udp" | |
# - "32410:32410/udp" | |
# - "32412:32412/udp" | |
# - "32413:32413/udp" | |
# - "32414:32414/udp" | |
# environment: | |
# - PLEX_UID={{ docker_user_uid }} | |
# - PLEX_GID={{ docker_user_gid }} | |
# - TZ={{ timezone }} | |
# - HOSTNAME="Docker Plex" | |
## - PLEX_CLAIM="claim-YYYYYYYYY" | |
## - ADVERTISE_IP="http://SERVER-IP0:32400/" | |
# - PLEX_CLAIM="claim-YpQntWWifRRQNWohDJw1" | |
# - ADVERTISE_IP="http://plex.{{ internal_domainname }}:32400/" | |
## - ADVERTISE_IP="http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:32400/" | |
# networks: | |
# - traefik_proxy | |
# labels: | |
# - "traefik.enable=true" | |
# - "traefik.backend=plexms" | |
## - "traefik.frontend.rule=Host:plex.${DOMAINNAME}" | |
# - "traefik.frontend.rule=Host:plex.{{ internal_domainname }}" | |
# - "traefik.port=32400" | |
# - "traefik.protocol=http" | |
# - "traefik.docker.network=traefik_proxy" | |
# - "traefik.frontend.headers.SSLRedirect=true" | |
# - "traefik.frontend.headers.STSSeconds=315360000" | |
# - "traefik.frontend.headers.browserXSSFilter=true" | |
# - "traefik.frontend.headers.contentTypeNosniff=true" | |
# - "traefik.frontend.headers.forceSTSHeader=true" | |
# - "traefik.frontend.headers.SSLHost=example.com" | |
# - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
# - "traefik.frontend.headers.STSPreload=true" | |
# - "traefik.frontend.headers.frameDeny=true" | |
# Ombi – Accept Requests for your Media Server | |
ombi: | |
container_name: ombi | |
depends_on: | |
- transmission | |
- sabnzbd | |
restart: "unless-stopped" | |
image: linuxserver/ombi | |
# mem_limit: 300m | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
volumes: | |
- {{ mediaserver_config_dir }}/ombi:/config | |
- {{ mediaserver_config_dir }}/shared:/shared | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=ombi" | |
- "traefik.frontend.rule=Host:ombi.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:ombi.{{ external_domainname }},ombi.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefix: /ombi" | |
- "traefik.port=3579" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
######### SEARCHERS ########## | |
# NZBHydra – NZB Meta Search | |
hydra: | |
# image: "linuxserver/hydra" | |
image: "linuxserver/hydra2" | |
container_name: "hydra" | |
restart: "unless-stopped" | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
volumes: | |
- {{ mediaserver_config_dir }}/hydra:/config | |
- {{ mediaserver_downloads }}:/downloads | |
- {{ mediaserver_config_dir }}/shared:/shared | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=hydra" | |
- "traefik.frontend.rule=Host:hydra.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:hydra.{{ external_domainname }},hydra.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefix: /hydra" | |
# - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
# - "traefik.port=5075" | |
- "traefik.port=5076" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
# Jackett – Torrent Proxy | |
jackett: | |
image: "linuxserver/jackett" | |
container_name: "jackett" | |
restart: "unless-stopped" | |
# mem_limit: 300m | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
networks: | |
- traefik-public | |
volumes: | |
- "/etc/localtime:/etc/localtime:ro" | |
- {{ mediaserver_config_dir }}/jackett:/config | |
- {{ mediaserver_downloads_watch }}:/downloads | |
- {{ mediaserver_config_dir }}/shared:/shared | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=jackett" | |
- "traefik.frontend.rule=Host:jackett.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:jackett.{{ external_domainname }},jackett.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefix: /jackett" | |
# - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
- "traefik.port=9117" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
######### UTILITIES ########## | |
# MariaDB – Database Server for your Apps | |
mariadb: | |
image: "linuxserver/mariadb" | |
container_name: "mariadb" | |
hostname: mariadb | |
ports: | |
- "{{ mysql_port }}:3306" | |
restart: "unless-stopped" | |
environment: | |
- MYSQL_ROOT_PASSWORD={{ mysql_root_password }} | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
- TZ={{ timezone }} | |
volumes: | |
- {{ mediaserver_config_dir }}/mariadb:/config | |
# NextCloud – Your Own Cloud Storage | |
nextcloud: | |
container_name: nextcloud | |
image: linuxserver/nextcloud | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
restart: "unless-stopped" | |
networks: | |
- traefik-public | |
volumes: | |
- {{ mediaserver_config_dir }}/nextcloud:/config | |
# - {{ docker_user_home }}/shared_data:/data | |
- {{ mediaserver_config_dir }}/nextcloud/data:/data | |
# - {{ mediaserver_config_dir }}/shared:/shared | |
- {{ mediaserver_shared_data_dir }}:/shared | |
- {{ mediaserver_media_path }}:/media | |
- {{ mediaserver_remote_path }}:/remote_media | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=nextcloud" | |
- "traefik.frontend.rule=Host:nextcloud.{{ external_domainname }},nextcloud.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:nextcloud.{{ internal_domainname }}" | |
- "traefik.port=443" | |
- "traefik.protocol=https" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
# Pydio – Your Own Cloud Storage | |
pydio: | |
container_name: pydio | |
hostname: pydio | |
image: linuxserver/pydio | |
environment: | |
- PUID={{ docker_user_uid }} | |
- PGID={{ docker_user_gid }} | |
restart: "unless-stopped" | |
networks: | |
- traefik-public | |
volumes: | |
- "/etc/localtime:/etc/localtime:ro" | |
- {{ mediaserver_config_dir }}/pydio:/config | |
- {{ mediaserver_config_dir }}/shared:/shared | |
# - {{ docker_user_home }}/shared_data:/data | |
- {{ mediaserver_config_dir }}/pydio/data:/data | |
- {{ mediaserver_media_path}}:/media | |
- {{ mediaserver_remote_path }}:/remote_media | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=pydio" | |
- "traefik.frontend.rule=Host:pydio.{{ external_domainname }},pydio.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:pydio.{{ internal_domainname }}" | |
- "traefik.port=443" | |
- "traefik.protocol=https" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
deploy: | |
mode: global | |
resources: | |
limits: | |
memory: 512M | |
reservations: | |
memory: 128M | |
## ID management stack per: | |
## ref: https://blog.exceptionerror.io/2018/08/29/openldap-keycloak-and-docker/ | |
## ref: https://hub.docker.com/_/postgres | |
postgres: | |
container_name: "postgres" | |
# image: postgres | |
image: postgres:11 | |
ports: | |
- "{{ postgres_port }}:5432" | |
restart: "unless-stopped" | |
networks: | |
- net | |
volumes: | |
- {{ mediaserver_config_dir }}/postgres/passwd:/etc/passwd:ro | |
- {{ mediaserver_config_dir }}/postgres/multiple-dbs:/docker-entrypoint-initdb.d | |
- {{ mediaserver_config_dir }}/postgres/config:/config | |
- {{ mediaserver_config_dir }}/postgres/data:/var/lib/postgresql/data | |
# - postgres_data:/var/lib/postgresql/data | |
environment: | |
POSTGRES_MULTIPLE_DATABASES: {{ keycloak_postgres_user }},{{ keycloak_postgres_password }}:{{ gitea_postgres_user }},{{ gitea_postgres_password }} | |
POSTGRES_USER: {{ postgres_user }} | |
POSTGRES_PASSWORD: {{ postgres_password }} | |
# healthcheck: | |
# test: "exit 0" | |
## ref: https://medium.com/@wilson.wilson/manage-docker-registry-auth-with-keycloak-e0b4356cf7d0 | |
healthcheck: | |
test: 'PGPASSWORD="{{ postgres_password }}" psql --host 127.0.0.1 --username {{ postgres_user }} --dbname postgres -c "select 1" ; [ "0" -eq "$$?" ]; echo $$?' | |
interval: 30s | |
timeout: 10s | |
retries: 3 | |
## ref: https://blog.exceptionerror.io/2018/08/29/openldap-keycloak-and-docker/ | |
## ref: https://github.com/wolfeidau/keycloak-docker-compose/blob/master/docker-compose.yml | |
## ref: https://github.com/jboss-dockerfiles/keycloak/tree/master/docker-compose-examples | |
## ref: https://medium.com/@wilson.wilson/manage-docker-registry-auth-with-keycloak-e0b4356cf7d0 | |
keycloak: | |
container_name: "keycloak" | |
image: jboss/keycloak | |
depends_on: | |
- postgres | |
restart: "unless-stopped" | |
networks: | |
- traefik-public | |
- net | |
environment: | |
DB_VENDOR: POSTGRES | |
DB_ADDR: postgres | |
DB_DATABASE: {{ keycloak_postgres_user }} | |
DB_USER: {{ keycloak_postgres_user }} | |
DB_PASSWORD: {{ keycloak_postgres_password }} | |
KEYCLOAK_USER: {{ keycloak_user }} | |
KEYCLOAK_PASSWORD: {{ keycloak_password }} | |
KEYCLOAK_LOGLEVEL: DEBUG | |
PROXY_ADDRESS_FORWARDING: 'true' | |
#JDBC_PARAMS: "ssl=true" | |
ports: | |
- 8081:8080 | |
volumes: | |
- {{ mediaserver_config_dir }}/keycloak/themes:/opt/jboss/keycloak/themes/custome/:rw | |
# - {{ mediaserver_config_dir }}/keycloak/data:/data | |
- keycloak_data:/data | |
labels: | |
- "traefik.enable=true" | |
- "traefik.backend=keycloak" | |
- "traefik.port=8080" | |
- "traefik.frontend.rule=Host:auth.{{ external_domainname }},auth.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=Host:keycloak.{{ external_domainname }},keycloak.{{ internal_domainname }}" | |
# - "traefik.frontend.rule=PathPrefix:/auth" | |
- "traefik.docker.network=traefik-public" | |
# - "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
# - "traefik.frontend.headers.frameDeny=true" | |
healthcheck: | |
test: ["CMD", "curl", "-f", "http://localhost:8080/auth/"] | |
interval: 5s | |
timeout: 2s | |
retries: 15 | |
## ref: https://docs.gitea.io/en-us/install-with-docker/ | |
## ref: https://git.habd.as/comfusion/high-tea/src/branch/master/docker-compose.yml | |
gitea: | |
container_name: gitea | |
# image: gitea/gitea:1.6 | |
image: gitea/gitea:latest | |
depends_on: | |
- postgres | |
environment: | |
- USER_UID={{ docker_user_uid }} | |
- USER_GID={{ docker_user_gid }} | |
- DB_TYPE=postgres | |
- DB_HOST=postgres:{{ postgres_port }} | |
- DB_NAME={{ gitea_postgres_user }} | |
- DB_USER={{ gitea_postgres_user }} | |
- DB_PASSWD={{ gitea_postgres_password }} | |
# restart: always | |
restart: "unless-stopped" | |
networks: | |
- traefik-public | |
- net | |
volumes: | |
- {{ mediaserver_config_dir }}/gitea:/data | |
expose: | |
- "3000" | |
# ports: | |
# - "2222:22" | |
labels: | |
# - "traefik.docker.network=web" | |
# - "traefik.enable=true" | |
# - "traefik.frontend.rule=Host:git.{{ internal_domainname }}" | |
# - "traefik.port=3000" | |
# - "traefik.protocol=http" | |
- "traefik.enable=true" | |
- "traefik.backend=gitea" | |
- "traefik.frontend.rule=Host:gitea.{{ internal_domainname }}" | |
- "traefik.port=3000" | |
- "traefik.docker.network=traefik-public" | |
- "traefik.protocol=http" | |
- "traefik.frontend.headers.SSLRedirect=true" | |
- "traefik.frontend.headers.STSSeconds=315360000" | |
- "traefik.frontend.headers.browserXSSFilter=true" | |
- "traefik.frontend.headers.contentTypeNosniff=true" | |
- "traefik.frontend.headers.forceSTSHeader=true" | |
- "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
- "traefik.frontend.headers.STSIncludeSubdomains=true" | |
- "traefik.frontend.headers.STSPreload=true" | |
- "traefik.frontend.headers.frameDeny=true" | |
## Promotheus/Grafana stack per: | |
## ref: https://github.com/stefanprodan/swarmprom/blob/master/docker-compose.traefik.yml | |
dockerd-exporter: | |
container_name: "dockerd-exporter" | |
image: stefanprodan/caddy | |
networks: | |
- net | |
environment: | |
- DOCKER_GWBRIDGE_IP=172.18.0.1 | |
configs: | |
- source: dockerd_config | |
target: /etc/caddy/Caddyfile | |
deploy: | |
mode: global | |
resources: | |
limits: | |
memory: 128M | |
reservations: | |
memory: 64M | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment