---
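# File-based Compose secrets. Each entry is read from a file on the host and
# mounted into the services that list it, at /run/secrets/<name>.
# NOTE(review): judging by the names these are DNS-provider and VPN
# credentials; keep ./secrets/ out of version control and readable only by
# the account that runs `docker compose`.
secrets:
  cloudflare-token:
    file: ./secrets/cloudflare-token.secret
  cloudflare-email:
    file: ./secrets/cloudflare-email.secret
  openvpn_user:
    file: ./secrets/openvpn_user.secret
  openvpn_password:
    file: ./secrets/openvpn_password.secret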
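services:
  # Edge reverse proxy. Listens on 80/443, redirects HTTP to HTTPS and obtains
  # certificates from Let's Encrypt through the Cloudflare DNS challenge.
  traefik:
    # NOTE(review): an untagged image resolves to `latest`. Pin a version tag
    # or digest so upgrades of the internet-facing proxy are deliberate.
    image: traefik
    container_name: traefik
    restart: always
    command:
      # NOTE(review): DEBUG logging is verbose and may record request
      # details; prefer INFO or higher outside troubleshooting.
      - --log.level=DEBUG
      - --providers.docker=true
      # Containers are not routed unless they opt in explicitly.
      - --providers.docker.exposedbydefault=false
      - --api.dashboard=false
      # NOTE(review): this disables certificate verification for every HTTPS
      # backend Traefik connects to, so backends are not authenticated.
      # Prefer trusting the backends' CA (serversTransport.rootCAs) or
      # limiting the exception to the services that need it.
      - --serversTransport.insecureSkipVerify=true
      # Set up LetsEncrypt certificate resolver
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
      - --certificatesResolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.letsencrypt.acme.dnschallenge.delayBeforeCheck=20
      - --certificatesresolvers.letsencrypt.acme.email=${EMAIL_ADDRESS}
      # acme.json holds the ACME account key and certificate private keys;
      # it lives on the `letsencrypt` volume mounted below.
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      # Set up an insecure listener that redirects all traffic to TLS
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      # Set up the TLS configuration for our websecure listener
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certResolver=letsencrypt
      # One certificate for the apex domain plus a wildcard for subdomains.
      - --entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}
      - --entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}
    # Mounted at /run/secrets/<name>. Presumably env/traefik.env points the
    # Cloudflare provider at these files - confirm, and prefer a DNS-edit
    # token scoped to the one zone.
    secrets:
      - cloudflare-token
      - cloudflare-email
    env_file: ./env/traefik.env
    # Quoted so the mappings are always read as strings.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): `:ro` only makes the socket file a read-only mount; it
      # does not restrict Docker API calls made over the socket. A compromise
      # of this container is a compromise of the Docker daemon. Consider a
      # filtering socket proxy that exposes only the read endpoints.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
    healthcheck:
      # String form is run through the container's shell and relies on
      # netstat being present in the image - TODO confirm. The pattern
      # matches any line with "443" ahead of LISTEN, not only port 443.
      test: 'netstat -ptan | grep -E "443.*LISTEN" || exit 1'
      interval: 10s
      timeout: 3s
      start_period: 60s
  gluetun:
    # See more: https://github.com/qdm12/gluetun-wiki
    # NOTE(review): untagged image resolves to `latest`; pin a tag or digest.
    image: qmcgaw/gluetun
    container_name: gluetun
    restart: always
    # NET_ADMIN and the TUN device are what a VPN client needs to create its
    # tunnel interface and manage routes/firewall rules; no broader
    # privileges are granted here.
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    # VPN credentials arrive as files under /run/secrets/, not as plain
    # environment values (presumably wired up in env/gluetun.env - confirm).
    secrets:
      - openvpn_user
      - openvpn_password
    env_file: ./env/gluetun.env
    volumes:
      - gluetun:/gluetun
  watchtower:
    # See more: https://github.com/containrrr/watchtower
    # NOTE(review): Watchtower replaces running containers when their image
    # tag changes upstream. With the untagged images in this file, whatever
    # is published as `latest` gets deployed without review; pin tags or
    # digests, or limit Watchtower to monitoring/notification.
    # NOTE(review): unlike traefik and gluetun, no restart policy is set.
    image: containrrr/watchtower
    container_name: watchtower
    env_file: ./env/watchtower.env
    volumes:
      # Read-write Docker socket: this container has full control of the
      # Docker daemon, which is equivalent to root on the host.
      - /var/run/docker.sock:/var/run/docker.sock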
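# Additional Compose files merged into this project. Their contents are not
# shown here, so review them separately. Uncomment an entry to enable that
# stack.
include:
  - bittorrent-compose.yml
  - arr-compose.yml
  # - plex-compose.yml
  # - jellyfin-compose.yml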
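# The project's default network, given a fixed name so it is predictable
# outside this project.
# NOTE(review): every container attached to media_network can reach the other
# services directly, without going through Traefik; `attachable: true` is
# meant to let standalone containers join as well. Attach only what needs it.
networks:
  default:
    name: media_network
    driver: bridge
    attachable: true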
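# Named volumes backed by NFS exports on ${NFS_SERVER}.
# NOTE(review): the mount options below carry no authentication or transport
# encryption settings, so the data crosses the network as the NFS server
# serves it. Restrict the export to this host and keep it on a trusted
# network segment.
volumes:
  # Holds acme.json (ACME account key and certificate private keys). Verify
  # the file ends up with owner-only permissions on the NFS export.
  letsencrypt:  # Traefik Lets Encrypt certs.
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536"
      device: ":${NFS_VOLUME}/docker_data/letsencrypt"
  gluetun:  # Gluetun app data.
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536"
      device: ":${NFS_VOLUME}/docker_data/gluetun"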