diff --git a/dashboard/docker-compose.yaml b/dashboard/docker-compose.yaml index e53b870..a6b4896 100644 --- a/dashboard/docker-compose.yaml +++ b/dashboard/docker-compose.yaml @@ -10,6 +10,10 @@ services: environment: - INIT_ASSETS=1 labels: + - "traefik.enable=true" + - "traefik.http.routers.homer.rule=Host(`dashboard.${DOMAIN}`)" + - "traefik.http.routers.homer.entrypoints=web" + - "traefik.http.services.homer.loadbalancer.server.port=8080" - "docker.group=dashboard" restart: unless-stopped diff --git a/download/docker-compose.yaml b/download/docker-compose.yaml index 597dbbe..cd57060 100644 --- a/download/docker-compose.yaml +++ b/download/docker-compose.yaml @@ -1,6 +1,6 @@ services: - pyload: + app: image: linuxserver/pyload-ng environment: - PUID=1000 @@ -9,9 +9,16 @@ services: volumes: - ${VOLUMES_PATH}/download/pyload:/config - ${DOWNLOAD_PATH}:/downloads +# ports: + #- 7227:7227 #optional Thrift Backend networks: - web labels: + - "traefik.enable=true" + - "traefik.http.routers.pyload.rule=Host(`download.${DOMAIN}`)" + - "traefik.http.routers.pyload.entrypoints=web" + - "traefik.http.services.pyload.loadbalancer.server.port=8000" + - "docker.group=selfhost" - "docker.group=download" restart: unless-stopped diff --git a/media/docker-compose.yml b/media/docker-compose.yml index fffe864..c4bb361 100644 --- a/media/docker-compose.yml +++ b/media/docker-compose.yml 
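Review bot: The homer router is bound only to the `web` entrypoint, which `proxy/traefik.yml` defines as plain HTTP on `:80`, and no middleware is attached, so the service is served unencrypted and without any proxy-level access control. The same label pattern is repeated for pyload, jellyfin, monitoring, influxdb, uptimekuma, paperless, traefik, hassi, zigbee2mqtt and torrent, several of which presumably have login forms whose credentials would travel in clear text. Since the proxy already publishes 443, consider defining a TLS entrypoint (for example `websecure` on `:443`) and setting `traefik.http.routers.homer.entrypoints=websecure` and `traefik.http.routers.homer.tls=true` on each router. If HTTP-only is intentional for a LAN-only setup, a comment saying so in `traefik.yml` would record the decision.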
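Review bot: The added `docker.group=selfhost` label sits directly above the existing `docker.group=download` entry, so the labels list of this service now sets the same key twice. Only one value can survive for a given label key, so whatever groups containers by `docker.group` will see a result that depends on how Compose resolves the duplicate. Drop one of the two entries, or use a second key if both groupings are wanted. The commented-out `# ports:` lines are indented inconsistently; a single comment such as `# 7227 (Thrift backend) is intentionally not published` would state the intent more clearly.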
@@ -28,4 +28,16 @@ services: # - /dev/dri/renderD128:/dev/dri/renderD128 # - /dev/dri/card0:/dev/dri/card0 labels: + - "traefik.enable=true" + - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)" + - "traefik.http.routers.jellyfin.entrypoints=web" + - "traefik.http.services.jellyfin.loadbalancer.server.port=8096" + - 'traefik.http.middlewares.jellyfin-mw.headers.customResponseHeaders.X-Robots-Tag=noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + - 'traefik.http.middlewares.jellyfin-mw.headers.frameDeny=true' + - 'traefik.http.middlewares.jellyfin-mw.headers.contentTypeNosniff=true' + - 'traefik.http.middlewares.jellyfin-mw.headers.customresponseheaders.X-XSS-PROTECTION=1' + - 'traefik.http.middlewares.jellyfin-mw.headers.browserXSSFilter=true' + - "traefik.http.middlewares.jellyfin-mw.headers.customFrameOptionsValue='allow-from http://jellyfin.${DOMAIN}'" + - "traefik.http.middlewares.jellyfin-mw.headers.customrequestheaders.X-Forwarded-Proto: https" + - 'traefik.http.routers.jellyfin.middlewares=jellyfin-mw' - "docker.group=media" diff --git a/monitoring/docker-compose.yaml b/monitoring/docker-compose.yaml index a8debb3..0bb4db6 100644 --- a/monitoring/docker-compose.yaml +++ b/monitoring/docker-compose.yaml @@ -9,6 +9,11 @@ services: - web - monitoring labels: + - "traefik.enable=true" + - "traefik.http.routers.monitoring.rule=Host(`monitoring.${DOMAIN}`)" + - "traefik.http.routers.monitoring.entrypoints=web" + - "traefik.http.services.monitoring.loadbalancer.server.port=3000" + - "traefik.docker.network=web" - "docker.group=monitoring" environment: - GF_DEFAULT_INSTANCE_NAME=monitoring.${DOMAIN} 
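Review bot: Two of the added `jellyfin-mw` labels will not do what they appear to intend. `customrequestheaders.X-Forwarded-Proto: https` uses `: ` where every other label uses `=`, so it is not a key/value label for the headers middleware and may cause Traefik to reject the container's labels; it would also tell Jellyfin the client used HTTPS while the router only listens on the plain-HTTP `web` entrypoint. `customFrameOptionsValue='allow-from http://jellyfin.${DOMAIN}'` puts literal single quotes into the header value and overrides `frameDeny=true` with the obsolete `allow-from` directive, which current browsers ignore, so the framing protection is effectively lost; removing that line and keeping `frameDeny=true` is the simpler fix. `browserXSSFilter=true` and the custom `X-XSS-PROTECTION=1` header set the same legacy header twice, so one of them can go.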
@@ -57,6 +62,11 @@ services: - ${VOLUMES_PATH}/monitoring/influxdb/:/var/lib/influxdb - ${PWD}/influxdb.conf:/etc/influxdb/influxdb.conf:ro labels: + - "traefik.enable=true" + - "traefik.http.routers.influxdb.rule=Host(`influxdb.${DOMAIN}`)" + - "traefik.http.routers.influxdb.entrypoints=web" + - "traefik.http.services.influxdb.loadbalancer.server.port=8086" + - "traefik.docker.network=web" - "docker.group=monitoring" @@ -69,6 +79,11 @@ services: - dockersocket restart: unless-stopped labels: + - "traefik.enable=true" + - "traefik.http.routers.uptimekuma.rule=Host(`uptime.${DOMAIN}`)" + - "traefik.http.routers.uptimekuma.entrypoints=web" + - "traefik.http.services.uptimekuma.loadbalancer.server.port=3001" + - "traefik.docker.network=web" - "docker.group=monitoring" networks: diff --git a/paperless/docker-compose.yaml b/paperless/docker-compose.yaml index 6c30a30..53c1caf 100644 --- a/paperless/docker-compose.yaml +++ b/paperless/docker-compose.yaml @@ -59,6 +59,11 @@ services: - USERMAP_GID=1000 - PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/scripts/removePdfPassword.py labels: + - "traefik.enable=true" + - "traefik.http.routers.paperless.rule=Host(`paperless.${DOMAIN}`)" + - "traefik.http.routers.paperless.entrypoints=web" + - "traefik.http.services.paperless.loadbalancer.server.port=8000" + - "traefik.docker.network=web" - "docker.group=paperless" diff --git a/proxy/Caddyfile b/proxy/Caddyfile deleted file mode 100644 index eabf0ec..0000000 --- a/proxy/Caddyfile +++ /dev/null 
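Review bot: The influxdb labels publish the database's HTTP API (port 8086) through the proxy under `influxdb.${DOMAIN}` with no middleware in front of it. Whether that API requires credentials depends on `influxdb.conf`, which is mounted into the container but not shown in this diff, so please confirm authentication is enabled there. If only Grafana needs to reach the database, leaving `traefik.enable=true` off this service keeps it reachable on the internal network only. If browser access is required, an IP allow-list or basic-auth middleware on the `influxdb` router would narrow the exposure.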
@@ -1,52 +0,0 @@ -{ - auto_https off -} - -http://whoami.lan { - reverse_proxy whoami:80 -} - -http://dashboard.lan { - reverse_proxy homer:8080 -} - -http://hassi.lan { -# reverse_proxy homeassistant:8123 - reverse_proxy dockerhost-1.lan:8123 -} - -http://zigbee2mqtt.lan { - reverse_proxy zigbee2mqtt:8080 -} - -http://jellyfin.lan { - reverse_proxy jellyfin:8096 -} - -http://paperless.lan { - reverse_proxy paperless-ngx:8000 -} - -http://download.lan { - reverse_proxy pyload:8000 -} - -http://monitoring.lan { - reverse_proxy grafana:3000 -} - -http://influxdb.lan { - reverse_proxy influxdb:8086 -} - -http://uptime.lan { - reverse_proxy uptime-kuma:3001 -} - -http://torrent.lan { - reverse_proxy transmission:9091 -} - -:80, :443 { - respond 404 -} diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml index b9e91d5..9600d1d 100644 --- a/proxy/docker-compose.yaml +++ b/proxy/docker-compose.yaml 
@@ -1,25 +1,54 @@ services: - caddy: - image: caddy:2 - restart: unless-stopped + traefik: + image: traefik:${TRAEFIK_VERSION} + restart: always ports: - - 80:80 + - "80:80" + - "443:443" + networks: + - web + - dockersocket volumes: - - ${VOLUMES_PATH}/proxy/caddy/data:/data - - ${VOLUMES_PATH}/proxy/caddy/config:/config - - ./Caddyfile:/etc/caddy/Caddyfile:ro - networks: - - web - - - whoami: - image: containous/whoami - networks: - - web + - "$PWD/traefik.yml:/etc/traefik/traefik.yml" + - "$PWD/extraProviders/:/extraProviders:ro" labels: + - "traefik.enable=true" + - "traefik.http.routers.traefik.rule=Host(`traefik.${HOSTNAME}`)" + - "traefik.http.routers.traefik.entrypoints=web" + - "traefik.http.services.traefik.loadbalancer.server.port=8080" - "docker.group=proxy" + extra_hosts: + - host.docker.internal:172.17.0.1 + depends_on: + - docker-socket-proxy + + + docker-socket-proxy: + image: tecnativa/docker-socket-proxy restart: unless-stopped + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + # grant privileges as environment variables: https://github.com/Tecnativa/docker-socket-proxy#grant-or-revoke-access-to-certain-api-sections + - CONTAINERS=1 + - INFO=1 + networks: + - dockersocket + privileged: true + + +# whoami: +# image: containous/whoami +# networks: +# - web +# labels: +# - "traefik.enable=true" +# - "traefik.http.routers.whoami.rule=Host(`whoami.${HOSTNAME}`)" +# - "traefik.http.routers.whoami.entrypoints=web" +# - "traefik.http.services.whoami.loadbalancer.server.port=80" +# - "docker.group=proxy" +# restart: unless-stopped networks: diff --git a/proxy/traefik.yml b/proxy/traefik.yml new file mode 100644 index 0000000..587f802 --- /dev/null +++ b/proxy/traefik.yml 
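Review bot: The new `docker-socket-proxy` service runs with `privileged: true` and an untagged image, which weakens the isolation the socket proxy is meant to add: a privileged container holding the Docker socket is effectively root on the host, and `tecnativa/docker-socket-proxy` without a tag follows `latest`. `privileged` is presumably only needed on hosts where SELinux or AppArmor blocks access to the socket, so try removing it, and pin the image the way `traefik:${TRAEFIK_VERSION}` is pinned. The `:ro` flag on `/var/run/docker.sock` does not make the Docker API read-only, so the `CONTAINERS=1` / `INFO=1` allow-list is the real control and the existing comment could say that. On the traefik service, `"$PWD/traefik.yml:/etc/traefik/traefik.yml"` could be mounted `:ro` like `extraProviders`, and `"443:443"` is published although `traefik.yml` defines no entrypoint on that port.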
@@ -0,0 +1,23 @@ +debug: true +checkNewVersion: true +logLevel: INFO +#defaultEntryPoints: ["https","http"] +defaultEntryPoints: [http] + +api: + insecure: true + +providers: + docker: + exposedbydefault: false + endpoint: "tcp://docker-socket-proxy:2375" + + file: + directory: /extraProviders + + +entryPoints: + web: + address: ':80' + + diff --git a/smartHome/docker-compose.yaml b/smartHome/docker-compose.yaml index 026778b..52b697a 100644 --- a/smartHome/docker-compose.yaml +++ b/smartHome/docker-compose.yaml @@ -10,23 +10,25 @@ services: restart: unless-stopped network_mode: host labels: + - "traefik.enable=true" + - "traefik.http.routers.hassi.rule=Host(`hassi.${DOMAIN}`)" + - "traefik.http.routers.hassi.entrypoints=web" + - "traefik.http.services.hassi.loadbalancer.server.port=8123" - "docker.group=smartHome" - mqttbroker: image: eclipse-mosquitto:${MOSQUITTO_VERSION} restart: unless-stopped - networks: - - smarthome - ports: - - 1883:1883 # mqtt over TCP + network_mode: host + expose: + - 1883 + #ports: + # - 1883:1883 # mqtt over TCP # - 9001:9001 # Websockets volumes: - ./mosquitto.conf:/mosquitto/config/mosquitto.conf - ${VOLUMES_PATH}/smartHome/mosquitto/data:/mosquitto/data - ${VOLUMES_PATH}/smartHome/mosquitto/log:/mosquitto/log - labels: - - "docker.group=smartHome" zigbee2mqtt: @@ -41,12 +43,14 @@ services: - ${ZIGBEE_DEVICE}:/dev/ttyACM0 networks: - web - - smarthome labels: + - "traefik.enable=true" + - "traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.${DOMAIN}`)" + - "traefik.http.routers.zigbee2mqtt.entrypoints=web" + - "traefik.http.services.zigbee2mqtt.loadbalancer.server.port=8080" - "docker.group=smartHome" networks: web: external: true - smarthome: diff --git a/torrent/docker-compose.yaml b/torrent/docker-compose.yaml index 6331459..506235e 100644 --- a/torrent/docker-compose.yaml +++ b/torrent/docker-compose.yaml 
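Review bot: `api.insecure: true` serves the Traefik dashboard and API without authentication on port 8080, and the `traefik` router added in `proxy/docker-compose.yaml` forwards `traefik.${HOSTNAME}` to that port, so anyone who can reach the proxy can read the full routing configuration. Prefer `insecure: false` with `dashboard: true`, and point the router at `traefik.http.routers.traefik.service=api@internal` behind a `basicauth` middleware. `debug: true` should not stay enabled outside troubleshooting. `debug`, `logLevel` and `defaultEntryPoints` look like Traefik v1 static options, and `defaultEntryPoints: [http]` names an entrypoint that is not defined in this file (only `web` is), so depending on `TRAEFIK_VERSION` they may be ignored or rejected; in v2 and later the equivalents are `log.level` and `global.checkNewVersion`.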
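Review bot: Moving `mqttbroker` to `network_mode: host` removes the isolation it had on the `smarthome` network: every listener configured in `mosquitto.conf` now binds directly on the host, not only the previously published 1883. The added `expose: - 1883` has no effect under host networking, so it can be dropped or replaced with a comment such as `# host networking: listeners are controlled by mosquitto.conf`. `mosquitto.conf` is not part of this diff, so please confirm it limits the listeners and does not allow anonymous clients. The hunk also removes the broker's `docker.group=smartHome` label, which looks unintentional.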
@@ -18,6 +18,10 @@ services: - 51413:51413/udp restart: unless-stopped labels: + - "traefik.enable=true" + - "traefik.http.routers.torrent.rule=Host(`torrent.${DOMAIN}`)" + - "traefik.http.routers.torrent.entrypoints=web" + - "traefik.http.services.torrent.loadbalancer.server.port=9091" - "docker.group=torrent" mem_limit: 512m