
@p0rkjello
Created November 24, 2020 15:45
docker-compose
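---
# Single-host Docker stack: Traefik listens on :80/:443, redirects HTTP to
# HTTPS, obtains certificates through the Cloudflare DNS challenge and routes
# by Host() rule to the services below. Watchtower updates labelled containers.
#
# Values are substituted from the environment / .env file: DOMAINNAME,
# CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY, CONTAINER_HOME, PUID, PGID, TZ and the
# optional *_VERSION image tags.
#
# Review notes that apply to the whole file:
#   * Every image tag falls back to `latest`, so a deployment is not
#     reproducible and a bad upstream push is pulled as-is. Pin each
#     *_VERSION to a tested tag (or an image digest).
#   * Five services bind-mount /var/run/docker.sock. Anything that can talk
#     to that socket can start containers with arbitrary host mounts, i.e. it
#     is root-equivalent on the host. Keep the mount only where it is needed.
#   * All services share one network, so each container can reach the others
#     directly, not only through Traefik.
version: "3.5"

networks:
  default:
    # Pre-existing network; it must be created before `up`
    # (e.g. `docker network create proxy`).
    external:
      name: proxy

services:
  traefik:
    image: traefik:${TRAEFIK_VERSION:-latest}
    container_name: traefik
    command:
      # Logs (written to the ./traefik/logs bind mount below)
      - --log.level=INFO
      - --log.filePath=/logs/traefik.log
      - --accessLog.filePath=/logs/access.log
      - --accessLog.bufferingSize=100
      # Global
      # api.insecure is not set, so the API/dashboard is reachable only
      # through the `traefik` router defined in the labels below.
      - --api=true
      - --api.dashboard=true
      - --global.sendAnonymousUsage=false
      # Docker provider: containers are published only when they carry
      # traefik.enable=true.
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      # Entrypoints
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.certresolver=letsEncrypt
      # LetsEncrypt
      - --certificatesresolvers.letsEncrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsEncrypt.acme.email=${CLOUDFLARE_EMAIL}
      - --certificatesresolvers.letsEncrypt.acme.dnschallenge.provider=cloudflare
      # Staging server (enable while testing to stay clear of production
      # rate limits)
      # - --certificatesresolvers.letsEncrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.letsEncrypt.acme.storage=/etc/traefik/acme.json
    ports:
      - "80:80"
      - "443:443"
    environment:
      - CF_API_EMAIL=${CLOUDFLARE_EMAIL}
      # CF_API_KEY is the Cloudflare Global API key and carries full account
      # access. The cloudflare DNS provider also accepts a zone-scoped token
      # through CF_DNS_API_TOKEN; prefer that so a leak of this container's
      # environment is limited to DNS edits.
      - CF_API_KEY=${CLOUDFLARE_API_KEY}
    volumes:
      # `:ro` stops the socket file from being replaced but does not make the
      # Docker API read-only; requests sent over the socket are unrestricted.
      # A filtering socket proxy that allows only the read calls Traefik
      # needs would narrow this.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds the ACME account key and certificate private keys. Create it as
      # an empty regular file with mode 600 before first start; a missing
      # bind-mount source is created by Docker as a directory.
      - ${CONTAINER_HOME:-.}/traefik/acme.json:/etc/traefik/acme.json
      - ${CONTAINER_HOME:-.}/traefik/logs:/logs
    labels:
      # api
      - traefik.enable=true
      # middleware redirect
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      # redirection HTTP to HTTPS
      - traefik.http.routers.http_catchall.rule=hostregexp(`{host:.+}`)
      - traefik.http.routers.http_catchall.entrypoints=web
      - traefik.http.routers.http_catchall.middlewares=redirect-to-https
      # Wildcard certificate for the domain, requested through this router.
      - traefik.http.routers.traefik.tls.certresolver=letsEncrypt
      - traefik.http.routers.traefik.tls.domains[0].main=${DOMAINNAME}
      - traefik.http.routers.traefik.tls.domains[0].sans=*.${DOMAINNAME}
      # dashboard
      # NOTE(review): no authentication middleware is attached to this router,
      # so anyone who can reach traefik.${DOMAINNAME} can read the dashboard
      # and API (router rules, service names, backend addresses). Attach one
      # before exposing it, for example (placeholder variable, define it in
      # .env as an htpasswd-style user:hash list):
      # - traefik.http.middlewares.dashboard-auth.basicauth.users=${TRAEFIK_DASHBOARD_USERS_PLACEHOLDER}
      # - traefik.http.routers.traefik.middlewares=dashboard-auth
      - traefik.http.routers.traefik.rule=Host(`traefik.${DOMAINNAME}`)
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.tls=true
    restart: unless-stopped

  watchtower:
    image: containrrr/watchtower:${WATCHTOWER_VERSION:-latest}
    container_name: watchtower
    # --label-enable: only containers labelled
    #   com.centurylinklabs.watchtower.enable=true are updated.
    # --interval 86400: check once a day. --cleanup: remove replaced images.
    # With `latest` tags this means a new upstream image is running here
    # within a day of being pushed, without review.
    command: --label-enable --cleanup --interval 86400
    volumes:
      # Needs write access to the Docker API to recreate containers.
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      # watchtower (it updates itself as well)
      - com.centurylinklabs.watchtower.enable=true
    restart: unless-stopped

  whoami:
    image: traefik/whoami:${WHOAMI_VERSION:-latest}
    container_name: whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.${DOMAINNAME}`)
      # Pinned to the HTTPS entrypoint, matching the unifi and dashboard
      # routers; without it the router attaches to every entrypoint.
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls=true
      - traefik.http.routers.whoami.tls.certresolver=letsEncrypt

  unifi:
    image: linuxserver/unifi-controller:${UNIFI_VERSION:-latest}
    container_name: unifi
    # NOTE(review): the short form with only a container port publishes each
    # port on a random host port, by default on all host interfaces. That
    # includes 8443, the port Traefik is pointed at below, so the controller
    # UI is also reachable without going through Traefik. Confirm which of
    # these really need publishing and give those fixed host ports; the rest
    # can move to `expose`.
    ports:
      - "3478/udp"
      - "10001/udp"
      - "8080"
      - "8443"
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    volumes:
      - ${CONTAINER_HOME:-.}/unifi/config:/config
    labels:
      # traefik
      - traefik.enable=true
      - traefik.http.routers.unifi.rule=Host(`unifi.${DOMAINNAME}`)
      - traefik.http.routers.unifi.entrypoints=websecure
      - traefik.http.routers.unifi.tls=true
      - traefik.http.routers.unifi.tls.certresolver=letsEncrypt
      # Traefik talks HTTPS to the backend on 8443.
      # NOTE(review): no serversTransport option is set in the traefik
      # command above; confirm how the backend certificate is expected to
      # validate.
      - traefik.http.services.unifi.loadbalancer.server.scheme=https
      - traefik.http.services.unifi.loadbalancer.server.port=8443
      # watchtower
      - com.centurylinklabs.watchtower.enable=true
    restart: unless-stopped

  portainer:
    image: portainer/portainer:${PORTAINER_VERSION:-latest}
    container_name: portainer
    volumes:
      # Full Docker API access, published on a public hostname: host control
      # rests on Portainer's own login. Set the admin password immediately
      # after first start and consider an extra Traefik auth or IP allow-list
      # middleware on this router.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${CONTAINER_HOME:-.}/portainer/data:/data
    labels:
      # traefik
      - traefik.enable=true
      - traefik.http.routers.portainer.rule=Host(`portainer.${DOMAINNAME}`)
      # Pinned to the HTTPS entrypoint, matching the unifi and dashboard
      # routers.
      - traefik.http.routers.portainer.entrypoints=websecure
      - traefik.http.routers.portainer.tls=true
      - traefik.http.routers.portainer.tls.certresolver=letsEncrypt
      # watchtower
      - com.centurylinklabs.watchtower.enable=true
    restart: unless-stopped

  teamcity:
    image: jetbrains/teamcity-server:${TEAMCITY_VERSION:-latest}
    container_name: teamcity
    volumes:
      # NOTE(review): presumably mounted for Docker-based builds; confirm the
      # server needs it. With the socket mounted, anyone able to define a
      # build configuration can reach the host's Docker API.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${CONTAINER_HOME:-.}/teamcity/data:/data/teamcity_server/datadir
      - ${CONTAINER_HOME:-.}/teamcity/logs:/opt/teamcity/logs
    labels:
      # traefik
      - traefik.enable=true
      - traefik.http.routers.teamcity.rule=Host(`teamcity.${DOMAINNAME}`)
      # Pinned to the HTTPS entrypoint, matching the unifi and dashboard
      # routers.
      - traefik.http.routers.teamcity.entrypoints=websecure
      - traefik.http.routers.teamcity.tls=true
      - traefik.http.routers.teamcity.tls.certresolver=letsEncrypt
      # watchtower
      - com.centurylinklabs.watchtower.enable=true
    restart: unless-stopped

  rancher:
    image: rancher/rancher:${RANCHER_VERSION:-latest}
    container_name: rancher
    # Privileged mode plus the Docker socket: a compromise of this container
    # is a compromise of the host. Combined with daily auto-update from
    # `latest`, this is the service where a pinned tag matters most.
    privileged: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    # NOTE(review): container-port-only entries publish 80 and 443 on random
    # host ports, reachable without going through Traefik. If only Traefik
    # needs to reach Rancher, `expose` is enough.
    ports:
      - "80"
      - "443"
    labels:
      # traefik
      - traefik.enable=true
      - traefik.http.routers.rancher.rule=Host(`rancher.${DOMAINNAME}`)
      # Pinned to the HTTPS entrypoint, matching the unifi and dashboard
      # routers.
      - traefik.http.routers.rancher.entrypoints=websecure
      - traefik.http.routers.rancher.tls=true
      - traefik.http.routers.rancher.tls.certresolver=letsEncrypt
      # watchtower
      - com.centurylinklabs.watchtower.enable=true
    restart: unless-stopped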