Last active
October 30, 2022 19:51
-
-
Save lj020326/c24f2f642ea6b3014836f0cae845b9d9 to your computer and use it in GitHub Desktop.
docker-compose for traefik media stack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Reference: https://www.smarthomebeginner.com/docker-home-media-server-2018-basic | |
| #Requirement: Set environmental variables: USERDIR, PUID, PGID, MYSQL_ROOT_PASSWORD, and TZ as explained in the reference. | |
| ## openvpn docker-media-node | |
| ## ref: https://github.com/mandreko/media-server/blob/master/docker-compose.yml | |
| version: "3.6" | |
| networks: | |
| vpn: | |
| external: | |
| name: vpn | |
| traefik-public: | |
| external: true | |
| default: | |
| driver: bridge | |
| ## ref: https://github.com/stefanprodan/swarmprom/blob/master/docker-compose.traefik.yml | |
| net: | |
| # driver: overlay | |
| external: false | |
| attachable: true | |
| # internal: | |
| # external: false | |
| # attachable: true | |
| volumes: | |
| prometheus: {} | |
| grafana: {} | |
| alertmanager: {} | |
| keycloak_data: {} | |
| # postgres_data: | |
| # driver: local | |
| # ldap: | |
| # driver: local | |
| # gitea: | |
| # driver: local | |
| configs: | |
| dockerd_config: | |
| file: ./dockerd-exporter/Caddyfile | |
| node_rules: | |
| file: ./prometheus/rules/swarm_node.rules.yml | |
| task_rules: | |
| file: ./prometheus/rules/swarm_task.rules.yml | |
| services: | |
| ######### FRONTENDS ########## | |
| # Traefik Reverse Proxy | |
| traefik: | |
| hostname: traefik | |
| # image: traefik:latest | |
| # image: traefik:v2.0.0 | |
| image: traefik:v1.7 | |
| container_name: traefik | |
| restart: always | |
| domainname: {{ external_domainname }} | |
| networks: | |
| - default | |
| - traefik-public | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| - CLOUDFLARE_EMAIL={{ cloudflare_email }} | |
| - CLOUDFLARE_API_KEY={{ cloudflare_apikey }} | |
| - CF_API_EMAIL={{ cloudflare_email }} | |
| - CF_API_KEY={{ cloudflare_apikey }} | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock:ro | |
| - {{ mediaserver_config_dir }}/traefik:/etc/traefik | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| - {{ mediaserver_config_dir }}/traefik/certs:/certs | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=traefik" | |
| # - "traefik.frontend.rule=Host:traefik.{{ external_domainname }},traefik.{{ internal_domainname }}" | |
| - "traefik.frontend.rule=Host:traefik.{{ internal_domainname }}" | |
| - "traefik.port=8080" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| #Portainer - WebUI for Containers | |
| portainer: | |
| image: portainer/portainer | |
| container_name: portainer | |
| restart: always | |
| command: -H unix:///var/run/docker.sock | |
| environment: | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - {{ mediaserver_config_dir }}/portainer/data:/data | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=portainer" | |
| - "traefik.frontend.rule=Host:portainer.{{ internal_domainname }}" | |
| - "traefik.port=9000" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| # Heimdall - unified Web interface | |
| ## ref: https://git.sogenius.io/hos/mediaflix/blob/master/docker-compose.yml | |
| heimdall: | |
| image: linuxserver/heimdall | |
| container_name: heimdall | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - {{ mediaserver_config_dir }}/heimdall:/config | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| # ports: | |
| # - 80:80 | |
| # - 443:443 | |
| # mem_limit: 4096m | |
| restart: unless-stopped | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=heimdall" | |
| - "traefik.frontend.rule=Host:heimdall.{{ external_domainname }},{{ external_domainname }}" | |
| - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
| # - "traefik.port=80" | |
| - "traefik.port=443" | |
| - "traefik.protocol=https" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| ## internal | |
| heimdall-internal: | |
| image: linuxserver/heimdall | |
| container_name: heimdall-internal | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - {{ mediaserver_config_dir }}/heimdall-int:/config | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| restart: unless-stopped | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=heimdall-internal" | |
| - "traefik.frontend.rule=Host:heimdall.{{ internal_domainname }}" | |
| - "traefik.port=443" | |
| - "traefik.protocol=https" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| ### Organizer - Unified HTPC/Home Server Web Interface | |
| # ## basic auth enabled | |
| # ## ref: https://github.com/containous/traefik/issues/3673 | |
| # organizr: | |
| # container_name: organizr | |
| # restart: always | |
| # image: lsiocommunity/organizr | |
| # environment: | |
| # - PUID={{ docker_user_uid }} | |
| # - PGID={{ docker_user_gid }} | |
| # - TZ={{ timezone }} | |
| # networks: | |
| # - traefik-public | |
| # volumes: | |
| # - {{ mediaserver_config_dir }}/organizr:/config | |
| # - {{ mediaserver_config_dir }}/shared:/shared | |
| # labels: | |
| # - "traefik.enable=true" | |
| # - "traefik.backend=organizr" | |
| # - "traefik.frontend.rule=Host:organizr.{{ internal_domainname }}" | |
| ## - "traefik.frontend.rule=Host:organizr.{{ external_domainname }},organizr.{{ internal_domainname }}" | |
| ## - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefixStrip: /organizr" | |
| ## - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
| # - "traefik.port=80" | |
| # - "traefik.docker.network=traefik-public" | |
| # - "traefik.frontend.headers.SSLRedirect=true" | |
| # - "traefik.frontend.headers.STSSeconds=315360000" | |
| ## - "traefik.frontend.headers.browserXSSFilter=true" | |
| # - "traefik.frontend.headers.contentTypeNosniff=true" | |
| ## - "traefik.frontend.headers.forceSTSHeader=true" | |
| # - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
| # - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| # - "traefik.frontend.headers.STSPreload=true" | |
| # - "traefik.frontend.headers.frameDeny=true" | |
| # WebUI for MariaDB | |
| phpmyadmin: | |
| hostname: phpmyadmin | |
| container_name: phpmyadmin | |
| image: phpmyadmin/phpmyadmin | |
| restart: always | |
| links: | |
| - mariadb:db | |
| ports: | |
| - {{ phpmyadmin_port }}:80 | |
| environment: | |
| - PMA_HOST=mariadb | |
| - MYSQL_ROOT_PASSWORD={{ mysql_root_password }} | |
| networks: | |
| - traefik-public | |
| - default | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=pma" | |
| - "traefik.frontend.rule=Host:pma.{{ internal_domainname }}" | |
| - "traefik.port=80" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| ######### DOCKER RELATED ########## | |
| # Watchtower - Automatic Update of Containers/Apps | |
| watchtower: | |
| container_name: watchtower | |
| hostname: watchtower | |
| restart: always | |
| image: v2tec/watchtower | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| command: --schedule "0 0 4 * * *" --cleanup | |
| ######### SMART HOME APPS ########## | |
| # Home Assistant - Smart Home Hub | |
| # homeassistant: | |
| # container_name: homeassistant | |
| # restart: always | |
| # image: homeassistant/home-assistant | |
| # devices: | |
| # - /dev/ttyUSB0:/dev/ttyUSB0 | |
| # - /dev/ttyUSB1:/dev/ttyUSB1 | |
| # - /dev/ttyACM0:/dev/ttyACM0 | |
| # mem_limit: 300m | |
| # privileged: true | |
| # environment: | |
| # - PUID={{ docker_user_uid }} | |
| # - PGID={{ docker_user_gid }} | |
| # - TZ={{ timezone }} | |
| # networks: | |
| # - traefik-public | |
| # - default | |
| # volumes: | |
| # - {{ mediaserver_config_dir }}/homeassistant:/config | |
| # - /etc/localtime:/etc/localtime:ro | |
| # - {{ mediaserver_config_dir }}/shared:/shared | |
| # labels: | |
| # - "traefik.enable=true" | |
| # - "traefik.backend=homeassistant" | |
| # - "traefik.frontend.rule=Host:hass.{{ external_domainname }},hass.{{ internal_domainname }}" | |
| # - "traefik.port=8123" | |
| # - "traefik.docker.network=traefik-public" | |
| # - "traefik.frontend.headers.SSLRedirect=true" | |
| # - "traefik.frontend.headers.STSSeconds=315360000" | |
| # - "traefik.frontend.headers.browserXSSFilter=true" | |
| # - "traefik.frontend.headers.contentTypeNosniff=true" | |
| # - "traefik.frontend.headers.forceSTSHeader=true" | |
| # - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
| # - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| # - "traefik.frontend.headers.STSPreload=true" | |
| # - "traefik.frontend.headers.frameDeny=true" | |
| ######### DOWNLOADERS ########## | |
| ## TODO: replace this with separate openvpn container that can be used for transmission/sabnzbd/etc | |
| ## ref: see response #8 here: | |
| ## https://plexguide.com/threads/howto-use-single-and-central-vpn-container-for-all-your-other-apps.2563/ | |
| ## ref: https://github.com/bubuntux/nordvpn (no longer works with this traefik docker-compose config) | |
| ## ref: https://forum.openmediavault.org/index.php/Thread/22164-Running-containers-through-an-OpenVPN-container/ | |
| ## ref: https://raw.githubusercontent.com/dperson/openvpn-client/master/docker-compose.yml | |
| ## ref: https://registry.hub.docker.com/r/bubuntux/nordvpn/tags | |
| ## ref: https://github.com/azinchen/nordvpn | |
| openvpn: | |
| # image: bubuntux/nordvpn:latest | |
| image: azinchen/nordvpn:latest | |
| container_name: openvpn | |
| cap_add: | |
| - net_admin | |
| dns: | |
| - 8.8.4.4 | |
| - 8.8.8.8 | |
| restart: unless-stopped | |
| devices: | |
| - /dev/net/tun | |
| networks: | |
| - vpn | |
| ports: | |
| - "{{ openvpn_http_port }}:80" | |
| - "{{ transmission_port }}:9091" | |
| - "{{ sabnzbd_port }}:8080" | |
| environment: | |
| - USER={{ openvpn_username }} | |
| - PASS={{ openvpn_password }} | |
| - COUNTRY=United_States | |
| - CATEGORY=P2P | |
| - NETWORK=192.168.0.0/16 | |
| - TZ={{ timezone }} | |
| # - PROTOCOL=UDP | |
| - OPENVPN_OPTS=--pull-filter ignore "ping-restart" --ping-exit 180 | |
| ## ref: https://plexguide.com/threads/howto-use-single-and-central-vpn-container-for-all-your-other-apps.2563/ (works) | |
| ## ref: https://github.com/gwmullin/docker_stuff/blob/master/docker-compose.yml | |
| ## ref: https://hub.docker.com/r/dperson/transmission/ | |
| transmission: | |
| image: dperson/transmission | |
| container_name: transmission | |
| depends_on: | |
| - openvpn | |
| restart: always | |
| environment: | |
| - USERID={{ docker_user_uid }} | |
| - GROUPID={{ docker_user_gid }} | |
| - TRUSER={{ transmission_rpc_username }} | |
| - TRPASSWD={{ transmission_rpc_password }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| - vpn | |
| volumes: | |
| - {{ mediaserver_downloads }}:/var/lib/transmission-daemon/downloads | |
| - {{ mediaserver_config_dir }}/transmission:/var/lib/transmission-daemon/info | |
| - {{ mediaserver_downloads }}:/downloads | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=transmission" | |
| - "traefik.frontend.rule=Host:transmission.{{ internal_domainname }}" | |
| - "traefik.port=9091" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| # SABnzbd – Usenet (NZB) Downloader | |
| sabnzbd: | |
| image: linuxserver/sabnzbd | |
| container_name: sabnzbd | |
| depends_on: | |
| - openvpn | |
| restart: always | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| - vpn | |
| volumes: | |
| - {{ mediaserver_config_dir }}/sabnzbd:/config | |
| # - {{ mediaserver_downloads_complete }}:/downloads | |
| - {{ mediaserver_downloads }}:/downloads | |
| - {{ mediaserver_downloads_incomplete }}:/incomplete-downloads | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=sabnzbd" | |
| - "traefik.frontend.rule=Host:sabnzbd.{{ internal_domainname }}" | |
| - "traefik.port=8080" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| healthcheck: | |
| test: ["CMD", "curl", "-f", "http://localhost:8080"] | |
| interval: 60s | |
| timeout: 15s | |
| retries: 3 | |
| start_period: 120s | |
| # nzbget: | |
| # image: linuxserver/nzbget | |
| # container_name: nzbget | |
| ## volumes: | |
| ## - /opt/appdata/nzbget/config:/config | |
| ## - /opt/downloads:/downloads | |
| ## - /mnt/disk1/downloads/complete:/downloads/complete | |
| ## ports: | |
| ## - 27020:6789 | |
| # depends_on: | |
| # - openvpn | |
| # restart: always | |
| # environment: | |
| # - PUID={{ docker_user_uid }} | |
| # - PGID={{ docker_user_gid }} | |
| # - TZ={{ timezone }} | |
| # networks: | |
| # - traefik-public | |
| # - vpn | |
| # volumes: | |
| # - {{ mediaserver_config_dir }}/sabnzbd:/config | |
| # - {{ mediaserver_downloads }}:/downloads | |
| # - {{ mediaserver_downloads_complete }}:/downloads/complete | |
| # labels: | |
| # - "traefik.enable=true" | |
| # - "traefik.backend=nzbget" | |
| # - "traefik.frontend.rule=Host:nzbget.{{ internal_domainname }}" | |
| # - "traefik.port=6789" | |
| # - "traefik.docker.network=traefik-public" | |
| # - "traefik.frontend.headers.SSLRedirect=true" | |
| # - "traefik.frontend.headers.STSSeconds=315360000" | |
| # - "traefik.frontend.headers.browserXSSFilter=true" | |
| # - "traefik.frontend.headers.contentTypeNosniff=true" | |
| # - "traefik.frontend.headers.forceSTSHeader=true" | |
| # - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| # - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| # - "traefik.frontend.headers.STSPreload=true" | |
| # - "traefik.frontend.headers.frameDeny=true" | |
| ######### PERSONAL VIDEO RECORDERS ########## | |
| # CouchPotato – Movie Download and Management (Alternative) | |
| couchpotato: | |
| image: "linuxserver/couchpotato" | |
| hostname: couchpotato | |
| container_name: "couchpotato" | |
| restart: "unless-stopped" | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - UMASK_SET=002 | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - {{ mediaserver_config_dir }}/couchpotato:/config | |
| - {{ mediaserver_downloads }}:/downloads | |
| - {{ mediaserver_media_movies_path }}:/movies | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| - {{ mediaserver_remote_path }}:/remote_media | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=couchpotato" | |
| - "traefik.frontend.rule=Host:couchpotato.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefix: /sabnzbd" | |
| # - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
| - "traefik.port=5050" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| # Sonarr – TV Show Download and Management | |
| sonarr: | |
| image: "linuxserver/sonarr" | |
| hostname: sonarr | |
| container_name: "sonarr" | |
| depends_on: | |
| - transmission | |
| - sabnzbd | |
| # ports: | |
| # - "XXXX:8989" | |
| restart: "unless-stopped" | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| - vpn | |
| volumes: | |
| - {{ mediaserver_config_dir }}/sonarr:/config | |
| - {{ mediaserver_downloads }}:/downloads | |
| - {{ mediaserver_media_tv_path }}:/tv | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| - {{ mediaserver_remote_path }}:/remote_media | |
| - {{ mediaserver_scripts_dir }}:/scripts | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=sonarr" | |
| # - "traefik.frontend.rule=Host:sonarr.{{ external_domainname }},sonarr.{{ internal_domainname }}" | |
| - "traefik.frontend.rule=Host:sonarr.{{ internal_domainname }}" | |
| - "traefik.port=8989" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| # Radarr – Movie Download and Management | |
| radarr: | |
| image: "linuxserver/radarr" | |
| container_name: "radarr" | |
| depends_on: | |
| - transmission | |
| - sabnzbd | |
| # mem_limit: 500m | |
| # ports: | |
| # - "XXXX:7878" | |
| restart: "unless-stopped" | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - {{ mediaserver_config_dir }}/radarr:/config | |
| - {{ mediaserver_downloads }}:/downloads | |
| - {{ mediaserver_media_movies_path }}:/movies | |
| - "/etc/localtime:/etc/localtime:ro" | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| - {{ mediaserver_remote_path }}:/remote_media | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=radarr" | |
| # - "traefik.frontend.rule=Host:radarr.{{ external_domainname }},radarr.{{ internal_domainname }}" | |
| - "traefik.frontend.rule=Host:radarr.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /radarr" | |
| - "traefik.port=7878" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| #LIDARR - Music Download and Management | |
| lidarr: | |
| image: "linuxserver/lidarr" | |
| # image: "linuxserver/lidarr:master" | |
| # image: "linuxserver/lidarr:preview" | |
| hostname: lidarr | |
| container_name: "lidarr" | |
| depends_on: | |
| - transmission | |
| - sabnzbd | |
| # mem_limit: 300m | |
| restart: "unless-stopped" | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - {{ mediaserver_config_dir }}/lidarr:/config | |
| - {{ mediaserver_downloads }}:/downloads | |
| - {{ mediaserver_media_music_path }}:/music | |
| - "/etc/localtime:/etc/localtime:ro" | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| - {{ mediaserver_remote_path }}:/remote_media | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=lidarr" | |
| # - "traefik.frontend.rule=Host:lidarr.{{ external_domainname }},lidarr.{{ internal_domainname }}" | |
| - "traefik.frontend.rule=Host:lidarr.{{ internal_domainname }}" | |
| - "traefik.port=8686" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| ## Medusa – TV Show Download and Management (Alternative) | |
| # medusa: | |
| # image: "linuxserver/medusa" | |
| # hostname: medusa | |
| # container_name: medusa | |
| # depends_on: | |
| # - transmission | |
| # - sabnzbd | |
| # restart: always | |
| # environment: | |
| # - PUID={{ docker_user_uid }} | |
| # - PGID={{ docker_user_gid }} | |
| # - TZ={{ timezone }} | |
| # networks: | |
| # - traefik-public | |
| # volumes: | |
| # - {{ mediaserver_config_dir }}/medusa:/config | |
| ## - {{ mediaserver_downloads_complete }}:/downloads | |
| # - {{ mediaserver_downloads }}:/downloads | |
| # - {{ mediaserver_media_tv_path }}:/tv | |
| # - {{ mediaserver_config_dir }}/shared:/shared | |
| # labels: | |
| # - "traefik.enable=true" | |
| # - "traefik.backend=medusa" | |
| # - "traefik.frontend.rule=Host:medusa.{{ external_domainname }},medusa.{{ internal_domainname }}" | |
| ## - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefix: /medusa" | |
| # - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
| # - "traefik.port=8081" | |
| # - "traefik.docker.network=traefik-public" | |
| # - "traefik.frontend.headers.SSLRedirect=true" | |
| # - "traefik.frontend.headers.STSSeconds=315360000" | |
| # - "traefik.frontend.headers.browserXSSFilter=true" | |
| # - "traefik.frontend.headers.contentTypeNosniff=true" | |
| # - "traefik.frontend.headers.forceSTSHeader=true" | |
| ## - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
| # - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| # - "traefik.frontend.headers.STSPreload=true" | |
| # - "traefik.frontend.headers.frameDeny=true" | |
| ######### Converter ########## | |
| # MakeMKV – MakeMKV is a format converter, otherwise called "transcoder". | |
| # It converts the video clips from proprietary (and usually encrypted) disc into a set of MKV files, | |
| # preserving most information but not changing it in any way. | |
| # The MKV format can store multiple video/audio tracks with all meta-information and preserve chapters. | |
| # ref: https://github.com/jlesage/docker-makemkv | |
| makemkv: | |
| image: "jlesage/makemkv" | |
| hostname: makemkv | |
| container_name: "makemkv" | |
| restart: "unless-stopped" | |
| environment: | |
| - USER_ID={{ docker_user_uid }} | |
| - GROUP_ID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| volumes: | |
| # - "/docker/appdata/makemkv:/config:rw" | |
| # - "$HOME:/storage:ro" | |
| # - "$HOME/MakeMKV/output:/output:rw" | |
| - {{ mediaserver_config_dir }}/makemkv:/config:rw | |
| - {{ mediaserver_downloads }}:/storage:ro | |
| - {{ mediaserver_media_path }}/makemkv/output:/output:rw | |
| # devices: | |
| # - "/dev/sr0:/dev/sr0" | |
| # - "/dev/sg2:/dev/sg2" | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=makemkv" | |
| # - "traefik.frontend.rule=Host:makemkv.{{ external_domainname }},makemkv.{{ internal_domainname }}" | |
| - "traefik.frontend.rule=Host:makemkv.{{ internal_domainname }}" | |
| - "traefik.port=5800" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| ######### MEDIA SERVER APPS ########## | |
| ## Plex Media Server | |
| # plexms: | |
| # container_name: plexms | |
| # restart: always | |
| # image: plexinc/pms-docker | |
| # volumes: | |
| # - {{ mediaserver_config_dir }}/plex:/config | |
| # - /tmp:/transcode | |
| # - {{ mediaserver_media_path }}:/media | |
| # - {{ mediaserver_config_dir }}/shared:/shared | |
| ## - ${USERDIR}/docker/plexms:/config | |
| ## - ${USERDIR}/Downloads/plex_tmp:/transcode | |
| ## - /media/media:/media | |
| ## - ${USERDIR}/docker/shared:/shared | |
| # ports: | |
| # - "32400:32400/tcp" | |
| # - "3005:3005/tcp" | |
| # - "8324:8324/tcp" | |
| # - "32469:32469/tcp" | |
| # - "1900:1900/udp" | |
| # - "32410:32410/udp" | |
| # - "32412:32412/udp" | |
| # - "32413:32413/udp" | |
| # - "32414:32414/udp" | |
| # environment: | |
| # - PLEX_UID={{ docker_user_uid }} | |
| # - PLEX_GID={{ docker_user_gid }} | |
| # - TZ={{ timezone }} | |
| # - HOSTNAME="Docker Plex" | |
| ## - PLEX_CLAIM="claim-YYYYYYYYY" | |
| ## - ADVERTISE_IP="http://SERVER-IP0:32400/" | |
| # - PLEX_CLAIM="claim-YpQntWWifRRQNWohDJw1" | |
| # - ADVERTISE_IP="http://plex.{{ internal_domainname }}:32400/" | |
| ## - ADVERTISE_IP="http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:32400/" | |
| # networks: | |
| # - traefik_proxy | |
| # labels: | |
| # - "traefik.enable=true" | |
| # - "traefik.backend=plexms" | |
| ## - "traefik.frontend.rule=Host:plex.${DOMAINNAME}" | |
| # - "traefik.frontend.rule=Host:plex.{{ internal_domainname }}" | |
| # - "traefik.port=32400" | |
| # - "traefik.protocol=http" | |
| # - "traefik.docker.network=traefik_proxy" | |
| # - "traefik.frontend.headers.SSLRedirect=true" | |
| # - "traefik.frontend.headers.STSSeconds=315360000" | |
| # - "traefik.frontend.headers.browserXSSFilter=true" | |
| # - "traefik.frontend.headers.contentTypeNosniff=true" | |
| # - "traefik.frontend.headers.forceSTSHeader=true" | |
| # - "traefik.frontend.headers.SSLHost=example.com" | |
| # - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| # - "traefik.frontend.headers.STSPreload=true" | |
| # - "traefik.frontend.headers.frameDeny=true" | |
| # Ombi – Accept Requests for your Media Server | |
| ombi: | |
| container_name: ombi | |
| depends_on: | |
| - transmission | |
| - sabnzbd | |
| restart: "unless-stopped" | |
| image: linuxserver/ombi | |
| # mem_limit: 300m | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - {{ mediaserver_config_dir }}/ombi:/config | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=ombi" | |
| - "traefik.frontend.rule=Host:ombi.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:ombi.{{ external_domainname }},ombi.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefix: /ombi" | |
| - "traefik.port=3579" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| ######### SEARCHERS ########## | |
| # NZBHydra – NZB Meta Search | |
| hydra: | |
| # image: "linuxserver/hydra" | |
| image: "linuxserver/hydra2" | |
| container_name: "hydra" | |
| restart: "unless-stopped" | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - {{ mediaserver_config_dir }}/hydra:/config | |
| - {{ mediaserver_downloads }}:/downloads | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=hydra" | |
| - "traefik.frontend.rule=Host:hydra.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:hydra.{{ external_domainname }},hydra.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefix: /hydra" | |
| # - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
| # - "traefik.port=5075" | |
| - "traefik.port=5076" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| # Jackett – Torrent Proxy | |
| jackett: | |
| image: "linuxserver/jackett" | |
| container_name: "jackett" | |
| restart: "unless-stopped" | |
| # mem_limit: 300m | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - "/etc/localtime:/etc/localtime:ro" | |
| - {{ mediaserver_config_dir }}/jackett:/config | |
| - {{ mediaserver_downloads_watch }}:/downloads | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=jackett" | |
| - "traefik.frontend.rule=Host:jackett.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:jackett.{{ external_domainname }},jackett.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:{{ external_domainname }}; PathPrefix: /jackett" | |
| # - "traefik.frontend.auth.basic.usersFile=/shared/.htpasswd" | |
| - "traefik.port=9117" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| ######### UTILITIES ########## | |
| # MariaDB – Database Server for your Apps | |
| mariadb: | |
| image: "linuxserver/mariadb" | |
| container_name: "mariadb" | |
| hostname: mariadb | |
| ports: | |
| - "{{ mysql_port }}:3306" | |
| restart: "unless-stopped" | |
| environment: | |
| - MYSQL_ROOT_PASSWORD={{ mysql_root_password }} | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| - TZ={{ timezone }} | |
| volumes: | |
| - {{ mediaserver_config_dir }}/mariadb:/config | |
| # NextCloud – Your Own Cloud Storage | |
| nextcloud: | |
| container_name: nextcloud | |
| image: linuxserver/nextcloud | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| restart: "unless-stopped" | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - {{ mediaserver_config_dir }}/nextcloud:/config | |
| # - {{ docker_user_home }}/shared_data:/data | |
| - {{ mediaserver_config_dir }}/nextcloud/data:/data | |
| # - {{ mediaserver_config_dir }}/shared:/shared | |
| - {{ mediaserver_shared_data_dir }}:/shared | |
| - {{ mediaserver_media_path }}:/media | |
| - {{ mediaserver_remote_path }}:/remote_media | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=nextcloud" | |
| - "traefik.frontend.rule=Host:nextcloud.{{ external_domainname }},nextcloud.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:nextcloud.{{ internal_domainname }}" | |
| - "traefik.port=443" | |
| - "traefik.protocol=https" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| # Pydio – Your Own Cloud Storage | |
| pydio: | |
| container_name: pydio | |
| hostname: pydio | |
| image: linuxserver/pydio | |
| environment: | |
| - PUID={{ docker_user_uid }} | |
| - PGID={{ docker_user_gid }} | |
| restart: "unless-stopped" | |
| networks: | |
| - traefik-public | |
| volumes: | |
| - "/etc/localtime:/etc/localtime:ro" | |
| - {{ mediaserver_config_dir }}/pydio:/config | |
| - {{ mediaserver_config_dir }}/shared:/shared | |
| # - {{ docker_user_home }}/shared_data:/data | |
| - {{ mediaserver_config_dir }}/pydio/data:/data | |
| - {{ mediaserver_media_path}}:/media | |
| - {{ mediaserver_remote_path }}:/remote_media | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=pydio" | |
| - "traefik.frontend.rule=Host:pydio.{{ external_domainname }},pydio.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:pydio.{{ internal_domainname }}" | |
| - "traefik.port=443" | |
| - "traefik.protocol=https" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| deploy: | |
| mode: global | |
| resources: | |
| limits: | |
| memory: 512M | |
| reservations: | |
| memory: 128M | |
| ## ID management stack per: | |
| ## ref: https://blog.exceptionerror.io/2018/08/29/openldap-keycloak-and-docker/ | |
| ## ref: https://hub.docker.com/_/postgres | |
| postgres: | |
| container_name: "postgres" | |
| # image: postgres | |
| image: postgres:11 | |
| ports: | |
| - "{{ postgres_port }}:5432" | |
| restart: "unless-stopped" | |
| networks: | |
| - net | |
| volumes: | |
| - {{ mediaserver_config_dir }}/postgres/passwd:/etc/passwd:ro | |
| - {{ mediaserver_config_dir }}/postgres/multiple-dbs:/docker-entrypoint-initdb.d | |
| - {{ mediaserver_config_dir }}/postgres/config:/config | |
| - {{ mediaserver_config_dir }}/postgres/data:/var/lib/postgresql/data | |
| # - postgres_data:/var/lib/postgresql/data | |
| environment: | |
| POSTGRES_MULTIPLE_DATABASES: {{ keycloak_postgres_user }},{{ keycloak_postgres_password }}:{{ gitea_postgres_user }},{{ gitea_postgres_password }} | |
| POSTGRES_USER: {{ postgres_user }} | |
| POSTGRES_PASSWORD: {{ postgres_password }} | |
| # healthcheck: | |
| # test: "exit 0" | |
| ## ref: https://medium.com/@wilson.wilson/manage-docker-registry-auth-with-keycloak-e0b4356cf7d0 | |
| healthcheck: | |
| test: 'PGPASSWORD="{{ postgres_password }}" psql --host 127.0.0.1 --username {{ postgres_user }} --dbname postgres -c "select 1" ; [ "0" -eq "$$?" ]; echo $$?' | |
| interval: 30s | |
| timeout: 10s | |
| retries: 3 | |
| ## ref: https://blog.exceptionerror.io/2018/08/29/openldap-keycloak-and-docker/ | |
| ## ref: https://github.com/wolfeidau/keycloak-docker-compose/blob/master/docker-compose.yml | |
| ## ref: https://github.com/jboss-dockerfiles/keycloak/tree/master/docker-compose-examples | |
| ## ref: https://medium.com/@wilson.wilson/manage-docker-registry-auth-with-keycloak-e0b4356cf7d0 | |
| keycloak: | |
| container_name: "keycloak" | |
| image: jboss/keycloak | |
| depends_on: | |
| - postgres | |
| restart: "unless-stopped" | |
| networks: | |
| - traefik-public | |
| - net | |
| environment: | |
| DB_VENDOR: POSTGRES | |
| DB_ADDR: postgres | |
| DB_DATABASE: {{ keycloak_postgres_user }} | |
| DB_USER: {{ keycloak_postgres_user }} | |
| DB_PASSWORD: {{ keycloak_postgres_password }} | |
| KEYCLOAK_USER: {{ keycloak_user }} | |
| KEYCLOAK_PASSWORD: {{ keycloak_password }} | |
| KEYCLOAK_LOGLEVEL: DEBUG | |
| PROXY_ADDRESS_FORWARDING: 'true' | |
| #JDBC_PARAMS: "ssl=true" | |
| ports: | |
| - 8081:8080 | |
| volumes: | |
| - {{ mediaserver_config_dir }}/keycloak/themes:/opt/jboss/keycloak/themes/custome/:rw | |
| # - {{ mediaserver_config_dir }}/keycloak/data:/data | |
| - keycloak_data:/data | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=keycloak" | |
| - "traefik.port=8080" | |
| - "traefik.frontend.rule=Host:auth.{{ external_domainname }},auth.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=Host:keycloak.{{ external_domainname }},keycloak.{{ internal_domainname }}" | |
| # - "traefik.frontend.rule=PathPrefix:/auth" | |
| - "traefik.docker.network=traefik-public" | |
| # - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ external_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| # - "traefik.frontend.headers.frameDeny=true" | |
| healthcheck: | |
| test: ["CMD", "curl", "-f", "http://localhost:8080/auth/"] | |
| interval: 5s | |
| timeout: 2s | |
| retries: 15 | |
| ## ref: https://docs.gitea.io/en-us/install-with-docker/ | |
| ## ref: https://git.habd.as/comfusion/high-tea/src/branch/master/docker-compose.yml | |
| gitea: | |
| container_name: gitea | |
| # image: gitea/gitea:1.6 | |
| image: gitea/gitea:latest | |
| depends_on: | |
| - postgres | |
| environment: | |
| - USER_UID={{ docker_user_uid }} | |
| - USER_GID={{ docker_user_gid }} | |
| - DB_TYPE=postgres | |
| - DB_HOST=postgres:{{ postgres_port }} | |
| - DB_NAME={{ gitea_postgres_user }} | |
| - DB_USER={{ gitea_postgres_user }} | |
| - DB_PASSWD={{ gitea_postgres_password }} | |
| # restart: always | |
| restart: "unless-stopped" | |
| networks: | |
| - traefik-public | |
| - net | |
| volumes: | |
| - {{ mediaserver_config_dir }}/gitea:/data | |
| expose: | |
| - "3000" | |
| # ports: | |
| # - "2222:22" | |
| labels: | |
| # - "traefik.docker.network=web" | |
| # - "traefik.enable=true" | |
| # - "traefik.frontend.rule=Host:git.{{ internal_domainname }}" | |
| # - "traefik.port=3000" | |
| # - "traefik.protocol=http" | |
| - "traefik.enable=true" | |
| - "traefik.backend=gitea" | |
| - "traefik.frontend.rule=Host:gitea.{{ internal_domainname }}" | |
| - "traefik.port=3000" | |
| - "traefik.docker.network=traefik-public" | |
| - "traefik.protocol=http" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost={{ internal_domainname }}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| ## Promotheus/Grafana stack per: | |
| ## ref: https://github.com/stefanprodan/swarmprom/blob/master/docker-compose.traefik.yml | |
| dockerd-exporter: | |
| container_name: "dockerd-exporter" | |
| image: stefanprodan/caddy | |
| networks: | |
| - net | |
| environment: | |
| - DOCKER_GWBRIDGE_IP=172.18.0.1 | |
| configs: | |
| - source: dockerd_config | |
| target: /etc/caddy/Caddyfile | |
| deploy: | |
| mode: global | |
| resources: | |
| limits: | |
| memory: 128M | |
| reservations: | |
| memory: 64M | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment