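# Docker Swarm stack: Traefik as the TLS-terminating reverse proxy (ACME via
# the "letsencrypt" resolver), simpleauth as its forward-auth backend, and the
# application services behind them. Services are only routed by Traefik when
# they carry `traefik.enable: "true"` (exposedByDefault is off).
version: "3.8"

services:
  traefik:
    # NOTE(review): untagged image floats to whatever "latest" is at deploy
    # time. The provider option used below (DOCKER_SWARMMODE) is tied to a
    # specific Traefik major version, so pin the tag to the version this
    # config was written for.
    image: traefik
    environment:
      TRAEFIK_API: "true"
      # Insecure mode serves the API and dashboard without authentication on
      # Traefik's own internal entrypoint. The dashboard is already published
      # through the `dashboard` router below (api@internal behind
      # forward-auth), so the unauthenticated listener is switched off.
      TRAEFIK_API_INSECURE: "false"
      TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: ":80"
      # Everything arriving on plain HTTP is redirected to HTTPS.
      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
      TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: ":443"
      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
      # Resolver name was misspelled (LETSENCYRPT), which set the e-mail on a
      # different resolver than the one every router references.
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: neale@woozle.org
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: /acme.json
      # The XXX_ prefix keeps Traefik from reading this variable, so the HTTP
      # challenge stays disabled and only the TLS challenge below is active.
      XXX_TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_TLSCHALLENGE: "true"
      TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true"
      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
    ports:
      # mode: host publishes directly on the node instead of the swarm ingress
      # mesh.
      - target: 443
        published: 443
        mode: host
      - target: 80
        published: 80
        mode: host
    volumes:
      # NOTE(review): read_only only makes the bind mount read-only; it does
      # not limit which Docker API calls can be sent over the socket. A
      # compromise of this container is effectively control of the Docker
      # daemon. Consider fronting the socket with a proxy that only allows the
      # read endpoints Traefik needs.
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
      # Holds the ACME account key and issued private keys; keep the host file
      # readable by its owner only (mode 0600).
      - type: bind
        source: /srv/ext/sys/traefik/acme.json
        target: /acme.json
    deploy:
      labels:
        traefik.enable: "true"
        # XXX: This HSTS stuff doesn't seem to be working
        # NOTE(review): `traefik.frontend.headers.*` is the Traefik v1 label
        # namespace, while every other label here uses the v2 `traefik.http.*`
        # form. In v2, HSTS is set on a headers middleware (stsSeconds,
        # stsPreload) that must be attached to the routers it should apply to.
        traefik.frontend.headers.STSSeconds: "31536000"
        traefik.frontend.headers.STSPreload: "true"
        # Dashboard and API are only reachable through forward-auth.
        traefik.http.routers.dashboard.rule: "Host(`$FQDN`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        traefik.http.routers.dashboard.tls.certresolver: letsencrypt
        traefik.http.routers.dashboard.middlewares: forward-auth
        traefik.http.routers.dashboard.service: api@internal
        traefik.http.middlewares.forward-auth.forwardauth.address: http://simpleauth:8080/
        # Placeholder port: the router above targets api@internal, not this
        # service.
        traefik.http.services.traefik.loadbalancer.server.port: "1"

  simpleauth:
    image: ghcr.io/nealey/simpleauth
    # The password is supplied as a swarm secret rather than an environment
    # variable.
    secrets:
      - password
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.routers.simpleauth.rule: "Host(`$FQDN`) && Path(`/`)"
        traefik.http.services.simpleauth.loadbalancer.server.port: "8080"

  plex:
    image: ghcr.io/linuxserver/plex
    networks:
      - hostnet
    environment:
      TZ: US/Mountain
      VERSION: public
    volumes:
      - type: bind
        source: /srv/ext/sys/plex
        target: /config
      # Media tree is mounted read-only; rslave lets mounts made on the host
      # under /srv show up inside the container.
      - type: bind
        source: /srv
        target: /srv
        read_only: true
        bind:
          propagation: rslave

  transmission:
    image: ghcr.io/linuxserver/transmission
    networks:
      - hostnet
    volumes:
      - type: bind
        source: /srv/ext/sys/transmission
        target: /config
      - type: bind
        source: /srv/ext/incoming
        target: /srv/ext/incoming
    deploy:
      labels:
        # This isn't going to work, because transmission binds to the host network.
        # NOTE(review): there is also no `traefik.enable` label here, so with
        # exposedByDefault off Traefik ignores these labels. Because the
        # service sits on the host network, its web UI is reachable on the
        # node directly, without Traefik or forward-auth in front of it.
        traefik.http.routers.transmission.rule: "PathPrefix(`/transmission`)"
        traefik.http.services.transmission.loadbalancer.server.port: "9091"

  gitea:
    image: gitea/gitea:1
    environment:
      USER_UID: "1000"
      USER_GID: "1000"
    volumes:
      - type: bind
        source: /srv/ext/sys/gitea
        target: /data
      - type: bind
        source: /etc/timezone
        target: /etc/timezone
        read_only: true
      - type: bind
        source: /etc/localtime
        target: /etc/localtime
        read_only: true
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.routers.gitea.rule: "Host(`git.woozle.org`)"
        traefik.http.routers.gitea.middlewares: gitea-striparoo
        traefik.http.middlewares.gitea-striparoo.stripprefix.prefixes: "/gitea"
        traefik.http.services.gitea.loadbalancer.server.port: "3000"

  atlas:
    image: ctassisf/ripe-atlas-alpine:arm64v8
    volumes:
      - type: bind
        source: /srv/ext/sys/atlas/etc
        target: /var/atlas-probe/etc
      - type: bind
        source: /srv/ext/sys/atlas/status
        target: /var/atlas-probe/status
    networks:
      - hostnet

  ## Drop this in to get a netdata container.
  ## It uses a lot of RAM and causes my machine to swap.
  ## Granted, it's a lot more lightweight than nextcloud.
  ## But I can live without netdata.
  ## NOTE(review): as written it bind-mounts the host's / (read-only) and its
  ## router has no forward-auth middleware; add one before enabling it.
  # netdata:
  #   image: netdata/netdata
  #   hostname: $HOSTNAME
  #   volumes:
  #     - type: bind
  #       source: /
  #       target: /host
  #       read_only: true
  #   configs:
  #     - source: netdata.conf
  #       target: /etc/netdata/netdata.conf
  #   deploy:
  #     labels:
  #       traefik.http.routers.netdata.rule: "PathPrefix(`/netdata`)"
  #       traefik.http.middlewares.netdata-striparoo.stripprefix.prefixes: "/netdata"
  #       traefik.http.routers.netdata.middlewares: netdata-striparoo
  #       traefik.http.services.netdata.loadbalancer.server.port: "19999"

  geneweb:
    image: ravermeister/geneweb
    volumes:
      - type: bind
        source: /srv/ext/sys/geneweb/etc
        target: /usr/local/share/geneweb/etc
      - type: bind
        source: /srv/ext/sys/geneweb/share/data
        target: /usr/local/share/geneweb/share/data
      - type: bind
        source: /srv/ext/sys/geneweb/log
        target: /usr/local/share/geneweb/log
    deploy:
      labels:
        traefik.enable: "true"
        # The setup UI (port 2316) is reachable only through forward-auth; the
        # public site (port 2317) is served without it.
        traefik.http.routers.gwsetup.rule: "PathPrefix(`/gwsetup`)"
        traefik.http.middlewares.gwsetup-striparoo.stripprefix.prefixes: "/gwsetup"
        traefik.http.routers.gwsetup.middlewares: gwsetup-striparoo,forward-auth
        traefik.http.routers.gwsetup.service: gwsetup
        traefik.http.services.gwsetup.loadbalancer.server.port: "2316"
        traefik.http.routers.geneweb.rule: "Host(`ancestry.woozle.org`)"
        traefik.http.routers.geneweb.service: geneweb
        traefik.http.services.geneweb.loadbalancer.server.port: "2317"

  samba:
    image: dperson/samba
    volumes:
      - type: bind
        source: /srv/ext
        target: /srv/ext
        bind:
          propagation: rslave
    environment:
      NMBD: enable
      RECYCLE: disable
      USERID: "911"
      GROUPID: "911"
      # name;path;browse;readonly;guest
      # Every share is writable (readonly=no) with guest access off.
      SHARE1: "storage;/srv/ext/storage;yes;no;no"
      SHARE2: "media;/srv/ext/media;yes;no;no"
      SHARE3: "software;/srv/ext/software;yes;no;no"
      SHARE4: "backups;/srv/ext/backups;yes;no;no"
      # Was a second SHARE4 key: duplicate mapping keys resolve to the last
      # value in most parsers, which silently dropped the backups share.
      SHARE5: "incoming;/srv/ext/incoming;yes;no;no"
    # presumably holds the Samba account definitions; keep this file out of
    # version control and readable only by the deploying user.
    env_file:
      - samba-users.env
    ports:
      # No `mode: host` here, so swarm's default publishing mode applies.
      # NOTE(review): make sure 139/445 are not reachable from untrusted
      # networks.
      - published: 139
        target: 139
      - published: 445
        target: 445

  public:
    image: caddy
    volumes:
      - type: bind
        source: /srv/ext/storage/public
        target: /usr/share/caddy/public
        read_only: true
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.routers.public.rule: "PathPrefix(`/public`)"
        traefik.http.services.public.loadbalancer.server.port: "80"

configs:
  # Only referenced by the commented-out netdata service above.
  netdata.conf:
    file: netdata.conf
    name: netdata.conf-v4

secrets:
  # Versioned name: bump the suffix to roll out a changed password file.
  password:
    file: password
    name: password-v1

networks:
  # Alias for Docker's pre-existing host network; services attached to it
  # share the node's network stack.
  hostnet:
    external: true
    name: host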