viggy96

container_config

Dec 20th, 2019
  1. /********************************************************************
  2. * Directory structure
  3. *********************************************************************/
~/containers
  - service
    - traefik.yaml
    - config.yaml
    - acme.json
    - docker-compose.yaml
  - cloud (for nextcloud)
    - docker-compose.yaml
  - media (for jellyfin and other media containers)
    - docker-compose.yaml
  - dev (for gitea and jenkins)
    - docker-compose.yaml
  16.  
  17.  
  18. /********************************************************************
  19. * traefik.yaml
  20. *********************************************************************/
  21. api:
  22. dashboard: true
  23. debug: true
  24.  
  25. log:
  26. level: PANIC
  27.  
  28. accessLog:
  29. filePath: "/access.log"
  30. bufferingSize: 100
  31.  
  32. entryPoints:
  33. http:
  34. address: ":80"
  35. https:
  36. address: ":443"
  37.  
  38. providers:
  39. docker:
  40. endpoint: "unix:///var/run/docker.sock"
  41. exposedByDefault: false
  42. file:
  43. filename: "/config.yaml"
  44. watch: true
  45.  
  46. certificatesResolvers:
  47. http:
  48. acme:
  49. email: "admin@DOMAIN"
  50. storage: "/acme.json"
  51. httpChallenge:
  52. entryPoint: http
  53.  
  54. /********************************************************************
  55. * config.yaml
  56. *********************************************************************/
  57. http:
  58. middlewares:
  59. https-redirect:
  60. redirectScheme:
  61. scheme: https
  62.  
  63. default-headers:
  64. headers:
  65. frameDeny: true
  66. sslRedirect: true
  67. browserXssFilter: true
  68. contentTypeNosniff: true
  69. stsSeconds: 63072000
  70. forceSTSHeader: true
  71. stsIncludeSubdomains: true
  72. stsPreload: true
  73.  
  74. local-only:
  75. ipWhiteList:
  76. sourceRange:
  77. - "192.168.0.0/16"
  78. - "172.16.0.0/12"
  79. - "10.0.0.0/8"
  80.  
  81. secure:
  82. chain:
  83. middlewares:
  84. - https-redirect
  85. - default-headers
  86.  
  87. private:
  88. chain:
  89. middlewares:
  90. - https-redirect
  91. - default-headers
  92. - local-only
  93.  
  94. tls:
  95. options:
  96. default:
  97. minVersion: VersionTLS12
  98. sniStrict: true
  99. curvePreferences:
  100. - "CurveP521"
  101. - "CurveP384"
  102. cipherSuites:
  103. - "TLS_AES_256_GCM_SHA384"
  104. - "TLS_CHACHA20_POLY1305_SHA256"
  105. #- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  106. #- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  107. - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  108.  
  109. /********************************************************************
  110. * service/docker-compose.yaml
  111. *********************************************************************/
  112. version: '3'
  113.  
  114. # service containers
  115. services:
  116.  
  117. watchtower:
  118. image: containrrr/watchtower:latest
  119. restart: always
  120. volumes:
  121. - /var/run/docker.sock:/var/run/docker.sock:ro
  122.  
  123. traefik:
  124. image: traefik:latest
  125. restart: always
  126. security_opt:
  127. - no-new-privileges:true
  128. networks:
  129. - default
  130. - dev
  131. - cloud
  132. - media
  133. ports:
  134. - 80:80
  135. - 443:443
  136. environment:
  137. - TZ=America/New_York
  138. volumes:
  139. - /etc/localtime:/etc/localtime:ro
  140. - /var/run/docker.sock:/var/run/docker.sock:ro
  141. - ./traefik.yaml:/traefik.yaml:ro
  142. - ./config.yaml:/config.yaml:ro
  143. - ./access.log:/access.log
  144. - ./acme.json:/acme.json
  145. labels:
  146. - "traefik.enable=true"
  147. - "traefik.http.routers.traefik.entrypoints=http"
  148. - "traefik.http.routers.traefik.rule=Host(`traefik.DOMAIN`)"
  149. - "traefik.http.routers.traefik-secure.rule=Host(`traefik.DOMAIN`)"
  150. - "traefik.http.routers.traefik-secure.middlewares=private@file"
  151. - "traefik.http.routers.traefik-secure.tls=true"
  152. - "traefik.http.routers.traefik-secure.tls.certresolver=http"
  153. #- "traefik.http.routers.traefik-secure.tls.options=default@file"
  154. - "traefik.http.routers.traefik-secure.service=api@internal"
  155.  
  156. subspace:
  157. image: subspacecloud/subspace:latest
  158. restart: always
  159. sysctls:
  160. - net.ipv6.conf.all.disable_ipv6=0
  161. cap_add:
  162. - NET_ADMIN
  163. volumes:
  164. - /usr/bin/wg:/usr/bin/wg:ro
  165. - /tank/container_data/subspace:/data
  166. environment:
  167. - TZ=America/New_York
  168. - SUBSPACE_HTTP_HOST=subspace.DOMAIN
  169. - SUBSPACE_HTTP_INSECURE=true
  170. - SUBSPACE_LETSENCRYPT=false
  171. expose:
  172. - 80
  173. ports:
  174. - 51820:51820/udp
  175. labels:
  176. - "traefik.enable=true"
  177. - "traefik.http.services.subspace.loadbalancer.server.port=80"
  178. - "traefik.http.routers.subspace.entrypoints=http"
  179. - "traefik.http.routers.subspace.rule=Host(`subspace.DOMAIN`)"
  180. - "traefik.http.routers.subspace-secure.rule=Host(`subspace.DOMAIN`)"
  181. - "traefik.http.routers.subspace-secure.middlewares=private@file"
  182. - "traefik.http.routers.subspace-secure.tls=true"
  183. - "traefik.http.routers.subspace-secure.tls.certresolver=http"
  184.  
  185. nfs:
  186. image: itsthenetwork/nfs-server-alpine:latest
  187. restart: always
  188. privileged: true
  189. volumes:
  190. - /tank/nfs:/nfs
  191. environment:
  192. - SHARED_DIRECTORY=/nfs
  193. ports:
  194. - 2049:2049
  195.  
  196. # external networks
  197. networks:
  198.  
  199. cloud:
  200. external:
  201. name: cloud_default
  202.  
  203. media:
  204. external:
  205. name: media_default
  206.  
  207. dev:
  208. external:
  209. name: dev_default
  210.  
  211. /********************************************************************
  212. * media/docker-compose.yaml
  213. *********************************************************************/
  214. version: '3'
  215.  
  216. # media containers
  217. services:
  218.  
  219. jellyfin:
  220. image: jellyfin/jellyfin:latest
  221. restart: always
  222. environment:
  223. - UID=33
  224. - GID=33
  225. - TZ=America/New_York
  226. devices:
  227. - /dev/dri
  228. volumes:
  229. - /tank/container_data/jellyfin_config:/config
  230. - /tank/container_data/jellyfin_cache:/cache
  231. - /tank/cloud/videos/:/media/video
  232. - /tank/cloud/music:/media/music
  233. expose:
  234. - 8096
  235. ports:
  236. - 1900:1900/udp
  237. labels:
  238. - "traefik.enable=true"
  239. - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
  240. - "traefik.http.routers.jellyfin.entrypoints=http"
  241. - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.DOMAIN`)"
  242. - "traefik.http.routers.jellyfin-secure.rule=Host(`jellyfin.DOMAIN`)"
  243. - "traefik.http.routers.jellyfin-secure.middlewares=secure@file"
  244. - "traefik.http.routers.jellyfin-secure.tls=true"
  245. - "traefik.http.routers.jellyfin-secure.tls.certresolver=http"
  246.  
  247. deluge:
  248. image: linuxserver/deluge:latest
  249. restart: always
  250. environment:
  251. - PUID=33
  252. - PGID=33
  253. - UMASK_SET=022
  254. - TZ=America/New_York
  255. volumes:
  256. - /tank/container_data/deluged:/config
  257. - /tank/downloads:/downloads
  258. expose:
  259. - 8112
  260. ports:
  261. - 65525-65535:65525-65535
  262. labels:
  263. - "traefik.enable=true"
  264. - "traefik.http.services.deluge.loadbalancer.server.port=8112"
  265. - "traefik.http.routers.deluge.entrypoints=http"
  266. - "traefik.http.routers.deluge.rule=Host(`deluge.DOMAIN`)"
  267. - "traefik.http.routers.deluge-secure.rule=Host(`deluge.DOMAIN`)"
  268. - "traefik.http.routers.deluge-secure.middlewares=private@file"
  269. - "traefik.http.routers.deluge-secure.tls=true"
  270. - "traefik.http.routers.deluge-secure.tls.certresolver=http"
  271.  
  272. jackett:
  273. image: linuxserver/jackett:latest
  274. restart: always
  275. environment:
  276. - PUID=33
  277. - PGID=33
  278. - TZ=America/New_York
  279. volumes:
  280. - /tank/container_data/jackett:/config
  281. - /tank/downloads:/downloads
  282. expose:
  283. - 9117
  284. labels:
  285. - "traefik.enable=true"
  286. - "traefik.http.services.jackett.loadbalancer.server.port=9117"
  287. - "traefik.http.routers.jackett.entrypoints=http"
  288. - "traefik.http.routers.jackett.rule=Host(`jackett.DOMAIN`)"
  289. - "traefik.http.routers.jackett-secure.rule=Host(`jackett.DOMAIN`)"
  290. - "traefik.http.routers.jackett-secure.middlewares=private@file"
  291. - "traefik.http.routers.jackett-secure.tls=true"
  292. - "traefik.http.routers.jackett-secure.tls.certresolver=http"
  293.  
  294. sonarr:
  295. image: linuxserver/sonarr:preview
  296. restart: always
  297. environment:
  298. - PUID=33
  299. - PGID=33
  300. - TZ=America/New_York
  301. volumes:
  302. - /tank/container_data/sonarr:/config
  303. - /tank/cloud/videos/TV:/tv
  304. - /tank/downloads:/downloads
  305. expose:
  306. - 8989
  307. depends_on:
  308. - deluge
  309. - jackett
  310. labels:
  311. - "traefik.enable=true"
  312. - "traefik.http.services.sonarr.loadbalancer.server.port=8989"
  313. - "traefik.http.routers.sonarr.entrypoints=http"
  314. - "traefik.http.routers.sonarr.rule=Host(`sonarr.DOMAIN`)"
  315. - "traefik.http.routers.sonarr-secure.rule=Host(`sonarr.DOMAIN`)"
  316. - "traefik.http.routers.sonarr-secure.middlewares=private@file"
  317. - "traefik.http.routers.sonarr-secure.tls=true"
  318. - "traefik.http.routers.sonarr-secure.tls.certresolver=http"
  319.  
  320. radarr:
  321. image: linuxserver/radarr:preview
  322. restart: always
  323. environment:
  324. - PUID=33
  325. - PGID=33
  326. - TZ=America/New_York
  327. volumes:
  328. - /tank/container_data/radarr:/config
  329. - /tank/cloud/videos/Movies:/movies
  330. - /tank/downloads:/downloads
  331. expose:
  332. - 7878
  333. depends_on:
  334. - deluge
  335. - jackett
  336. labels:
  337. - "traefik.enable=true"
  338. - "traefik.http.services.radarr.loadbalancer.server.port=7878"
  339. - "traefik.http.routers.radarr.entrypoints=http"
  340. - "traefik.http.routers.radarr.rule=Host(`radarr.DOMAIN`)"
  341. - "traefik.http.routers.radarr-secure.rule=Host(`radarr.DOMAIN`)"
  342. - "traefik.http.routers.radarr-secure.middlewares=private@file"
  343. - "traefik.http.routers.radarr-secure.tls=true"
  344. - "traefik.http.routers.radarr-secure.tls.certresolver=http"
  345.  
  346. lidarr:
  347. image: linuxserver/lidarr:latest
  348. restart: always
  349. environment:
  350. - PUID=33
  351. - PGID=33
  352. - TZ=America/New_York
  353. volumes:
  354. - /tank/container_data/lidarr:/config
  355. - /tank/cloud/music:/music
  356. - /tank/downloads:/downloads
  357. expose:
  358. - 8686
  359. depends_on:
  360. - deluge
  361. - jackett
  362. labels:
  363. - "traefik.enable=true"
  364. - "traefik.http.services.lidarr.loadbalancer.server.port=8686"
  365. - "traefik.http.routers.lidarr.entrypoints=http"
  366. - "traefik.http.routers.lidarr.rule=Host(`lidarr.DOMAIN`)"
  367. - "traefik.http.routers.lidarr-secure.rule=Host(`lidarr.DOMAIN`)"
  368. - "traefik.http.routers.lidarr-secure.middlewares=private@file"
  369. - "traefik.http.routers.lidarr-secure.tls=true"
  370. - "traefik.http.routers.lidarr-secure.tls.certresolver=http"
  371.  
  372. /********************************************************************
  373. * cloud/docker-compose.yaml
  374. *********************************************************************/
  375. version: '3'
  376.  
  377. # nextcloud containers
  378. services:
  379.  
  380. nextav:
  381. image: tiredofit/clamav:latest
  382. restart: always
  383.  
  384. nextdb:
  385. image: mariadb:latest
  386. restart: always
  387. command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
  388. volumes:
  389. - /tank/container_data/nextcloud_db:/var/lib/mysql
  390. env_file:
  391. - db.env
  392.  
  393. nextredis:
  394. image: redis:latest
  395. restart: always
  396.  
  397. nextcron:
  398. image: nextcloud:production
  399. restart: always
  400. volumes:
  401. - /tank/container_data/nextcloud_app:/var/www/html
  402. - /tank/cloud/nextcloud/data:/var/www/html/data
  403. entrypoint: /cron.sh
  404. depends_on:
  405. - nextdb
  406. - nextredis
  407.  
  408. nextapp:
  409. image: nextcloud:production
  410. restart: always
  411. volumes:
  412. - /tank/container_data/nextcloud_app:/var/www/html
  413. - /tank/cloud/nextcloud/data:/var/www/html/data
  414. - /tank/cloud/videos:/videos
  415. - /tank/cloud/music:/music
  416. - /tank/cloud/books:/books
  417. - /tank/downloads/:/downloads
  418. environment:
  419. - PUID=33
  420. - PGID=33
  421. - MYSQL_HOST=nextdb
  422. - REDIS_HOST=nextredis
  423. - NEXTCLOUD_TABLE_PREFIX='oc_'
  424. env_file:
  425. - db.env
  426. depends_on:
  427. - nextdb
  428. - nextredis
  429. - nextav
  430. expose:
  431. - 80
  432. labels:
  433. - "traefik.enable=true"
  434. - "traefik.http.services.nextapp.loadbalancer.server.port=80"
  435. - "traefik.http.routers.nextapp.entrypoints=http"
  436. - "traefik.http.routers.nextapp.rule=Host(`nextcloud.DOMAIN`)"
  437. - "traefik.http.routers.nextapp-secure.rule=Host(`nextcloud.DOMAIN`)"
  438. - "traefik.http.routers.nextapp-secure.tls=true"
  439. - "traefik.http.routers.nextapp-secure.tls.certresolver=http"
  440. - "traefik.http.middlewares.nc-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
  441. - "traefik.http.middlewares.nc-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
  442. - "traefik.http.middlewares.nc-rep.redirectregex.permanent=true"
  443. - "traefik.http.routers.nextapp-secure.middlewares=nc-rep,secure@file"
  444.  
  445.  
  446. /********************************************************************
  447. * dev/docker-compose.yaml
  448. *********************************************************************/
  449. version: '3'
  450.  
  451. # dev containers
  452. services:
  453.  
  454. gitdb:
  455. image: mariadb:latest
  456. restart: always
  457. volumes:
  458. - /tank/container_data/gitdb:/var/lib/mysql
  459. environment:
  460. - TZ=America/New_York
  461. - MYSQL_ROOT_PASSWORD=root
  462. - MYSQL_DATABASE=gitea
  463. - MYSQL_USER=gitea
  464. - MYSQL_PASSWORD=gitea
  465.  
  466. gitapp:
  467. image: gitea/gitea:latest
  468. restart: always
  469. volumes:
  470. - /tank/container_data/gitea:/data
  471. environment:
  472. - TZ=America/New_York
  473. expose:
  474. - 3000
  475. depends_on:
  476. - gitdb
  477. labels:
  478. - "traefik.enable=true"
  479. - "traefik.http.services.gitapp.loadbalancer.server.port=3000"
  480. - "traefik.http.routers.gitapp.entrypoints=http"
  481. - "traefik.http.routers.gitapp.rule=Host(`git.DOMAIN`)"
  482. - "traefik.http.routers.gitapp-secure.rule=Host(`git.DOMAIN`)"
  483. - "traefik.http.routers.gitapp.middlewares=secure@file"
  484. - "traefik.http.routers.gitapp-secure.tls=true"
  485. - "traefik.http.routers.gitapp-secure.tls.certresolver=http"
  486.  
  487. jenkins:
  488. image: jenkins/jenkins:lts
  489. restart: always
  490. volumes:
  491. - /tank/container_data/jenkins:/var/jenkins_home
  492. environment:
  493. - TZ=America/New_York
  494. expose:
  495. - 8080
  496. - 50000
  497. labels:
  498. - "traefik.enable=true"
  499. - "traefik.http.services.jenkins.loadbalancer.server.port=8080"
  500. - "traefik.http.routers.jenkins.entrypoints=http"
  501. - "traefik.http.routers.jenkins.rule=Host(`jenkins.DOMAIN`)"
  502. - "traefik.http.routers.jenkins-secure.rule=Host(`jenkins.DOMAIN`)"
  503. - "traefik.http.routers.jenkins-secure.middlewares=secure@file"
  504. - "traefik.http.routers.jenkins-secure.tls=true"
  505. - "traefik.http.routers.jenkins-secure.tls.certresolver=http"