Update docker-compose ver / use yaml for traefik
parent
13aea680b6
commit
be94b96bc5
161
nas.org
161
nas.org
@ -271,7 +271,7 @@ You can use =latest= instead of the ID.
|
||||
:END:
|
||||
|
||||
#+begin_src yaml
|
||||
version: "3.2"
|
||||
version: "3.4"
|
||||
#+end_src
|
||||
|
||||
** Networks
|
||||
@ -286,6 +286,16 @@ networks:
|
||||
driver: bridge
|
||||
#+end_src
|
||||
|
||||
** Logging
|
||||
#+begin_src yaml
|
||||
x-logging:
|
||||
&default-logging
|
||||
driver: "json-file"
|
||||
options:
|
||||
max-size: "200k"
|
||||
max-file: "10"
|
||||
#+end_src
|
||||
|
||||
** =traefik= - Application proxy
|
||||
#+begin_src yaml
|
||||
services:
|
||||
@ -296,33 +306,6 @@ services:
|
||||
container_name: traefik
|
||||
image: traefik:2.2.1
|
||||
restart: unless-stopped
|
||||
command:
|
||||
- --global.checkNewVersion=true
|
||||
- --global.sendAnonymousUsage=false
|
||||
- --entryPoints.http.address=:80
|
||||
- --entryPoints.https.address=:443
|
||||
- --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
|
||||
- --entryPoints.traefik.address=:8080
|
||||
- --api=true
|
||||
- --api.dashboard=true
|
||||
- --log=true
|
||||
- --log.level=ERROR # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
|
||||
- --accessLog=true
|
||||
- --accessLog.filePath=/var/log/access.log
|
||||
- --accessLog.filters.statusCodes=400-499
|
||||
- --providers.docker=true
|
||||
- --providers.docker.endpoint=unix:///var/run/docker.sock
|
||||
- --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
|
||||
- --providers.docker.exposedByDefault=false
|
||||
- --providers.docker.network=t2_proxy
|
||||
- --providers.docker.swarmMode=false
|
||||
- --providers.file.directory=/rules
|
||||
- --providers.file.watch=true
|
||||
# - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
|
||||
- --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
|
||||
- --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
|
||||
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
|
||||
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
|
||||
networks:
|
||||
t2_proxy:
|
||||
ipv4_address: 192.168.90.254 # You can specify a static IP
|
||||
@ -336,6 +319,7 @@ services:
|
||||
- $CONFIGDIR/traefik2/rules:/rules
|
||||
- $CONFIGDIR/traefik2/acme/acme.json:/acme.json
|
||||
- $CONFIGDIR/traefik2/shared:/shared
|
||||
- $CONFIGDIR/traefik2/traefik.yaml:/etc/traefik/traefik.yaml
|
||||
- /var/log/traefik:/var/log
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
@ -365,6 +349,55 @@ services:
|
||||
# - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://login.$DOMAINNAME/'
|
||||
# - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
|
||||
# - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
*** =traefik.yaml=
|
||||
#+begin_src yaml :tangle /ssh:thomas@grenoble:~/docker/config/traefik2/traefik.yaml
|
||||
global:
|
||||
checkNewVersion: true
|
||||
sendAnonymousUsage: false
|
||||
|
||||
entryPoints:
|
||||
traefik:
|
||||
address: :8080
|
||||
http:
|
||||
address: :80
|
||||
https:
|
||||
address: :443
|
||||
forwardedHeaders:
|
||||
trustedIPs: 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
|
||||
|
||||
api:
|
||||
dashboard: true
|
||||
|
||||
log:
|
||||
level: ERROR
|
||||
|
||||
accessLog:
|
||||
filePath: /var/log/access.log
|
||||
filters:
|
||||
statusCodes: 400-499
|
||||
|
||||
providers:
|
||||
docker:
|
||||
endpoint: unix:///var/run/docker.sock
|
||||
defaultrule: Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
|
||||
exposedByDefault: false
|
||||
network: t2_proxy
|
||||
swarmMode: false
|
||||
file:
|
||||
directory: /rules
|
||||
watch: true
|
||||
|
||||
certificatesResolvers:
|
||||
dns-cloudflare:
|
||||
acme:
|
||||
email: $CLOUDFLARE_EMAIL
|
||||
storage: /acme.json
|
||||
dnsChallenge:
|
||||
provider: cloudflare
|
||||
resolvers: 1.1.1.1:53,1.0.0.1:53
|
||||
#+end_src
|
||||
|
||||
** =homer= - Home page
|
||||
@ -388,6 +421,7 @@ services:
|
||||
- "traefik.http.routers.homer-rtr.tls=true"
|
||||
- "traefik.http.routers.homer-rtr.service=homer-svc"
|
||||
- "traefik.http.services.homer-svc.loadbalancer.server.port=8080"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
*** =config.yml=
|
||||
@ -523,7 +557,7 @@ services:
|
||||
- name: "OctoPrint"
|
||||
logo: "/assets/tools/octoprint.png"
|
||||
subtitle: "3D-Printing"
|
||||
url: "http://192.168.1.56/"
|
||||
url: "https://octoprint.tdehaeze.xyz/"
|
||||
#+end_src
|
||||
|
||||
** =snapraid= - Manage local backup with parity disk
|
||||
@ -543,6 +577,7 @@ services:
|
||||
- PUID=$PUID
|
||||
- PGID=$PGID
|
||||
- TZ=$TZ
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
*** =snapraid.conf=
|
||||
@ -666,6 +701,7 @@ older-than = 10
|
||||
- "traefik.http.routers.portainer-rtr.service=portainer-svc"
|
||||
- "traefik.http.routers.portainer-rtr.middlewares=traefik-auth"
|
||||
- "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =wireguard= - VPN
|
||||
@ -692,6 +728,7 @@ older-than = 10
|
||||
- /lib/modules:/lib/modules
|
||||
ports:
|
||||
- 51820:51820/udp
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =gitea= - Git server
|
||||
@ -721,6 +758,7 @@ older-than = 10
|
||||
- "traefik.http.routers.git-rtr.tls=true"
|
||||
- "traefik.http.routers.git-rtr.service=git-svc"
|
||||
- "traefik.http.services.git-svc.loadbalancer.server.port=3000"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
#+begin_src yaml
|
||||
@ -765,6 +803,7 @@ older-than = 10
|
||||
- "traefik.http.routers.caddy-rtr.tls=true"
|
||||
- "traefik.http.routers.caddy-rtr.service=caddy-svc"
|
||||
- "traefik.http.services.caddy-svc.loadbalancer.server.port=2015"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
*** =Caddyfile=
|
||||
@ -805,6 +844,7 @@ older-than = 10
|
||||
- "traefik.http.routers.dotfiles-rtr.tls=true"
|
||||
- "traefik.http.routers.dotfiles-rtr.service=dotfiles-svc"
|
||||
- "traefik.http.services.dotfiles-svc.loadbalancer.server.port=2015"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
*** =Caddyfile=
|
||||
@ -838,6 +878,7 @@ older-than = 10
|
||||
- "traefik.http.routers.hugo-rtr.tls=true"
|
||||
- "traefik.http.routers.hugo-rtr.service=hugo-svc"
|
||||
- "traefik.http.services.hugo-svc.loadbalancer.server.port=2015"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =syncthing= - File Synchronization
|
||||
@ -872,6 +913,7 @@ older-than = 10
|
||||
- "traefik.http.routers.syncthing-rtr.service=syncthing-svc"
|
||||
- "traefik.http.routers.syncthing-rtr.middlewares=traefik-auth"
|
||||
- "traefik.http.services.syncthing-svc.loadbalancer.server.port=8384"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =miniflux= - RSS reader
|
||||
@ -900,7 +942,10 @@ older-than = 10
|
||||
# - 'traefik.http.routers.miniflux-rtr.middlewares=authelia@docker'
|
||||
- "traefik.http.routers.miniflux-rtr.service=miniflux-svc"
|
||||
- "traefik.http.services.miniflux-svc.loadbalancer.server.port=8080"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
#+begin_src yaml
|
||||
miniflux_db:
|
||||
container_name: miniflux_db
|
||||
image: postgres:12
|
||||
@ -912,6 +957,7 @@ older-than = 10
|
||||
- POSTGRES_PASSWORD=$MINIFLUX_POSTGRES_PASSWORD
|
||||
volumes:
|
||||
- $CONFIGDIR/miniflux_db:/var/lib/postgresql/data
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =homeassistant= - Home Automation
|
||||
@ -949,6 +995,7 @@ older-than = 10
|
||||
- "traefik.http.routers.homeassistant-rtr.service=homeassistant-svc"
|
||||
- "traefik.http.services.homeassistant-svc.loadbalancer.servers.url=http://172.17.0.1:8123"
|
||||
#- "traefik.http.services.homeassistant-svc.loadbalancer.server.port=8123"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =jellyfin= - Media server
|
||||
@ -977,6 +1024,7 @@ older-than = 10
|
||||
- "traefik.http.routers.jellyfin-rtr.tls=true"
|
||||
- "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc"
|
||||
- "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =filebrowser= - Web file browser
|
||||
@ -1003,6 +1051,7 @@ older-than = 10
|
||||
- "traefik.http.routers.filebrowser-rtr.tls=true"
|
||||
- "traefik.http.routers.filebrowser-rtr.service=filebrowser-svc"
|
||||
- "traefik.http.services.filebrowser-svc.loadbalancer.server.port=80"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
*** =.filebrowser.json=
|
||||
@ -1047,6 +1096,7 @@ older-than = 10
|
||||
- /dev/nvme0n1:/dev/nvme0n1
|
||||
ports:
|
||||
- 8089:8080
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =guacamole= - Remote connection
|
||||
@ -1071,6 +1121,7 @@ older-than = 10
|
||||
- "traefik.http.routers.guacamole-rtr.tls=true"
|
||||
- "traefik.http.routers.guacamole-rtr.service=guacamole-svc"
|
||||
- "traefik.http.services.guacamole-svc.loadbalancer.server.port=8080"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =transmission= - Torrent server
|
||||
@ -1113,6 +1164,7 @@ older-than = 10
|
||||
- "traefik.http.routers.transmission-rtr.service=transmission-svc"
|
||||
- "traefik.http.routers.transmission-rtr.middlewares=traefik-auth"
|
||||
- "traefik.http.services.transmission-svc.loadbalancer.server.port=9091"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =aria2= - Download daemon
|
||||
@ -1132,6 +1184,7 @@ older-than = 10
|
||||
- /srv/storage/Downloads:/downloads
|
||||
ports:
|
||||
- 6800:6800
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
*** =aria2.conf=
|
||||
@ -1179,6 +1232,7 @@ split=16
|
||||
- "traefik.http.routers.aria2-rtr.tls=false"
|
||||
- "traefik.http.routers.aria2-rtr.service=aria2-svc"
|
||||
- "traefik.http.services.aria2-svc.loadbalancer.server.port=6880"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =deemix= - Music Download
|
||||
@ -1205,6 +1259,7 @@ split=16
|
||||
- "traefik.http.routers.deemix-rtr.service=deemix-svc"
|
||||
# - "traefik.http.routers.deemix-rtr.middlewares=traefik-auth"
|
||||
- "traefik.http.services.deemix-svc.loadbalancer.server.port=6595"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
*** =.arl=
|
||||
@ -1233,6 +1288,7 @@ split=16
|
||||
- "traefik.http.routers.linkding-rtr.tls=true"
|
||||
- "traefik.http.routers.linkding-rtr.service=linkding-svc"
|
||||
- "traefik.http.services.linkding-svc.loadbalancer.server.port=9090"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
** =restic= - Automatic online backups
|
||||
@ -1240,7 +1296,7 @@ split=16
|
||||
restic:
|
||||
container_name: restic
|
||||
image: mazzolino/restic
|
||||
restart: "no"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- t2_proxy
|
||||
environment:
|
||||
@ -1249,13 +1305,58 @@ split=16
|
||||
- RESTIC_PASSWORD=$RESTIC_PASSWORD
|
||||
- RESTIC_BACKUP_SOURCES=/source
|
||||
- RESTIC_FORGET_ARGS=--keep-daily 7 --keep-weekly 4 --keep-monthly 12
|
||||
- RESTIC_BACKUP_ARGS=--exclude-file /exclude.txt
|
||||
- B2_ACCOUNT_ID=$RESTIC_B2_ACCOUNT_ID
|
||||
- B2_ACCOUNT_KEY=$RESTIC_B2_ACCOUNT_KEY
|
||||
- UID=$PUID
|
||||
- GID=$PGID
|
||||
- TZ=$TZ
|
||||
volumes:
|
||||
- $CONFIGDIR/restic/exclude.txt:/exclude.txt:ro
|
||||
- /srv/storage/Cloud/thesis:/source/Cloud/thesis:ro
|
||||
- /home/thomas/docker:/source/docker:ro
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
*** =exclude.txt= - Exclude files
|
||||
|
||||
#+begin_src conf :tangle /ssh:thomas@grenoble:~/docker/config/restic/exclude.txt
|
||||
*.db
|
||||
*.log
|
||||
*.log.*
|
||||
/source/docker/config/gitea/git/
|
||||
/source/docker/config/guacamole/
|
||||
/source/docker/config/guacamole_db/
|
||||
/source/docker/config/mariadb/
|
||||
/source/docker/config/miniflux_db/
|
||||
/source/docker/config/jellyfin/data/
|
||||
/source/docker/config/dotfiles/www/
|
||||
/source/docker/config/web/www/
|
||||
#+end_src
|
||||
|
||||
** =octoprint= - Web interface for 3D printing
|
||||
#+begin_src yaml
|
||||
octoprint:
|
||||
container_name: octoprint
|
||||
image: octoprint/octoprint
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- t2_proxy
|
||||
environment:
|
||||
- UID=$PUID
|
||||
- GID=$PGID
|
||||
- TZ=$TZ
|
||||
volumes:
|
||||
- $CONFIGDIR/octoprint:/octoprint
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.octoprint-rtr.entrypoints=https"
|
||||
- "traefik.http.routers.octoprint-rtr.rule=Host(`octoprint.$DOMAINNAME`)"
|
||||
- "traefik.http.routers.octoprint-rtr.tls=true"
|
||||
- "traefik.http.routers.octoprint-rtr.service=octoprint-svc"
|
||||
- "traefik.http.routers.octoprint-rtr.middlewares=traefik-auth"
|
||||
- "traefik.http.services.octoprint-svc.loadbalancer.server.port=80"
|
||||
logging: *default-logging
|
||||
#+end_src
|
||||
|
||||
* Docker-Compose OLD :noexport:
|
||||
|
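Review bot: In the new `traefik.yaml` block, `email: $CLOUDFLARE_EMAIL` and the `$DOMAINNAME` inside `defaultrule` are copied verbatim from the removed `command:` flags, where docker-compose substituted them from the environment before Traefik started. As far as I know, Traefik does not expand environment variables in its static configuration file. If so, the ACME account would be requested with the literal string and the default Host rule would never match a real hostname; this is worth confirming in the startup log after deploying. Traefik's file, CLI and environment sources for static configuration are mutually exclusive, so these two settings cannot simply stay on the command line next to the file. The practical fix is to tangle literal values into the file, e.g. `email: admin@example.org` (placeholder address) and the real domain in `defaultrule`, or to keep the whole static configuration as flags.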