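---
# Swarm stack: Traefik edge proxy (ACME certificates, forward-auth) in front of
# the home services below. Traefik's static configuration is passed as
# TRAEFIK_* environment variables; routing comes from each service's deploy labels.
version: "3.8"

services:
  traefik:
    # NOTE(review): unpinned tag. TRAEFIK_PROVIDERS_DOCKER_SWARMMODE below is a
    # Traefik v2 option, so a pull that lands on another major version can
    # change how this stack is routed. Pin the tag.
    image: traefik
    environment:
      TRAEFIK_API: "true"
      # Was "true". Insecure mode serves the API and dashboard without
      # authentication on Traefik's own internal entrypoint, bypassing the
      # `dashboard` router below, which already publishes api@internal behind
      # forward-auth. TRAEFIK_API alone is enough for that router.
      TRAEFIK_API_INSECURE: "false"
      TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: ":80"
      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
      TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: ":443"
      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
      # Was ..._LETSENCYRPT_ACME_EMAIL: the misspelling put the address on a
      # second, unused resolver and left `letsencrypt` without a contact email.
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: neale@woozle.org
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: /acme.json
      # The XXX_ prefix keeps Traefik from reading this variable, so the HTTP
      # challenge is off and only the TLS challenge below is configured.
      XXX_TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_TLSCHALLENGE: "true"
      TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true"
      # Services are routed only when they opt in with traefik.enable=true.
      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
    ports:
      - target: 443
        published: 443
        mode: host
      - target: 80
        published: 80
        mode: host
    volumes:
      # read_only protects the socket file only. Any process that can open the
      # socket still has the full Docker API, which is root-equivalent on this
      # host. A filtering socket proxy in front of it would narrow that.
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
      # Holds the ACME account key and certificate private keys; keep the host
      # file owner-only (mode 600).
      - type: bind
        source: /srv/ext/sys/traefik/acme.json
        target: /acme.json
    deploy:
      labels:
        traefik.enable: "true"
        # XXX: HSTS is not taking effect here. These two keys use the Traefik
        # v1 `traefik.frontend.*` label form, while every other label in this
        # file uses v2 routers/middlewares, so they are presumably ignored.
        # The working HSTS definition is the `sts` headers middleware under
        # nextcloud, which is not attached to the dashboard router.
        traefik.frontend.headers.STSSeconds: "31536000"
        traefik.frontend.headers.STSPreload: "true"
        # $HOSTNAME is interpolated at deploy time from the deploying shell's
        # environment; if it is unset the rule becomes Host(``).
        traefik.http.routers.dashboard.rule: "Host(`$HOSTNAME`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        traefik.http.routers.dashboard.tls.certresolver: letsencrypt
        # Dashboard and API are reachable only through forward-auth.
        traefik.http.routers.dashboard.middlewares: forward-auth
        traefik.http.routers.dashboard.service: api@internal
        traefik.http.middlewares.forward-auth.forwardauth.address: http://simpleauth:8080/
        # Placeholder port: the router above targets api@internal, not a
        # container port.
        traefik.http.services.traefik.loadbalancer.server.port: "1"

  simpleauth:
    # NOTE(review): unpinned tag on the component that gates the dashboard and
    # transmission. Pin it.
    image: ghcr.io/nealey/simpleauth
    secrets:
      - password
    deploy:
      labels:
        traefik.enable: "true"
        # Catch-all router with no auth middleware: any request not matched by
        # a more specific rule is served by simpleauth.
        traefik.http.routers.simpleauth.rule: "PathPrefix(`/`)"
        traefik.http.services.simpleauth.loadbalancer.server.port: "8080"

  plex:
    image: ghcr.io/linuxserver/plex:1.25.2
    # Host networking; no Traefik labels, so Plex is not routed through Traefik.
    networks:
      - hostnet
    environment:
      TZ: US/Mountain
    volumes:
      - type: bind
        source: /srv/ext/sys/plex
        target: /config
      # All of /srv is visible to Plex, read-only.
      - type: bind
        source: /srv
        target: /srv
        read_only: true
        bind:
          propagation: rslave

  transmission:
    # NOTE(review): unpinned tag.
    image: ghcr.io/linuxserver/transmission
    # NOTE(review): attached to the host network, so the web UI on 9091 may
    # also answer directly on the host without passing through forward-auth.
    # Confirm it is firewalled.
    networks:
      - hostnet
    volumes:
      - type: bind
        source: /srv/ext/sys/transmission
        target: /config
      - type: bind
        source: /srv/ext/incoming
        target: /srv/ext/incoming
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.routers.transmission.rule: "PathPrefix(`/transmission`)"
        traefik.http.routers.transmission.tls: "true"
        traefik.http.routers.transmission.middlewares: forward-auth
        traefik.http.services.transmission.loadbalancer.server.port: "9091"

  nextcloud:
    image: ghcr.io/linuxserver/nextcloud:23.0.0-ls168
    environment:
      OVERWRITEPROTOCOL: https
    volumes:
      - type: bind
        source: /srv/ext/sys/nextcloud
        target: /config
      - type: bind
        source: /srv/ext/storage
        target: /data
      - type: bind
        source: /srv/ext
        target: /srv/ext
        read_only: true
        bind:
          propagation: rslave
      # Writable mount nested inside the read-only /srv/ext mount above.
      - type: bind
        source: /srv/ext/incoming
        target: /srv/ext/incoming
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.routers.nextcloud.rule: "Host(`drive.woozle.org`) || PathPrefix(`/nextcloud`)"
        traefik.http.routers.nextcloud.tls: "true"
        traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
        # No forward-auth on this router; Nextcloud's own login is the gate.
        traefik.http.routers.nextcloud.middlewares: nextcloud-caldav@docker,sts
        traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent: "true"
        traefik.http.middlewares.nextcloud-caldav.redirectregex.regex: '^https://(.*)/.well-known/(card|cal)dav'
        # `$$` escapes compose interpolation; Traefik receives `${1}`.
        traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement: 'https://$${1}/remote.php/dav/'
        # HSTS for one year with preload, subdomains excluded.
        traefik.http.middlewares.sts.headers.stsincludesubdomains: "false"
        traefik.http.middlewares.sts.headers.stspreload: "true"
        traefik.http.middlewares.sts.headers.stsseconds: "31536000"
        traefik.http.services.nextcloud.loadbalancer.server.port: "80"

  redis:
    # NOTE(review): unpinned tag, and no password is configured here; Redis is
    # reachable by every service on the stack's default network.
    image: redis
    volumes:
      # NOTE(review): the official redis image keeps its data in /data;
      # confirm this target is the directory Redis actually writes to.
      - type: bind
        source: /srv/ext/sys/redis
        target: /var/lib/redis

  atlas:
    image: ctassisf/ripe-atlas-alpine:arm64v8
    volumes:
      - type: bind
        source: /srv/ext/sys/atlas/etc
        target: /var/atlas-probe/etc
      - type: bind
        source: /srv/ext/sys/atlas/status
        target: /var/atlas-probe/status
    networks:
      - hostnet

secrets:
  # Read from the file `password` next to this compose file at deploy time;
  # keep that file out of version control. The -v1 suffix on the name allows
  # rotation by deploying a new secret name.
  password:
    file: password
    name: password-v1

networks:
  # Pre-existing swarm network named `host`: services attached to it share the
  # host's network stack.
  hostnet:
    external: true
    name: host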