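---
# Docker Compose stack: a Traefik 2 reverse proxy, a Transmission client with
# a bundled OpenVPN tunnel, and a Deluge client that shares the network
# namespace of a separate OpenVPN client container.
#
# Every $VARIABLE below ($DOMAINNAME, $USERDIR, $PUID, the credential
# variables, ...) is resolved from outside this file; the deluge service notes
# that PUID/PGID/TZ come from .env. Keep that file out of version control and
# readable only by the deploying user, since it holds the Cloudflare, VPN and
# RPC credentials.
version: "3.7"

########################### NETWORKS
networks:
  # Pre-existing network shared with Traefik; it must be created before
  # `up`, because compose does not create external networks.
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

########################### SERVICES
services:
  # All services / apps go below this line

  # Traefik 2 - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:chevrotin # the chevrotin tag refers to v2.2.x
    restart: unless-stopped
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      # Forwarded headers from these ranges are trusted as-is, so the list
      # must track the published Cloudflare ranges; a stale or over-broad
      # entry lets other sources spoof the client IP seen by backends.
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
      - --entryPoints.traefik.address=:8080
      - --api=true
      # Keep both of the following disabled: the first serves the API and
      # dashboard without authentication, the second turns off certificate
      # verification towards backends.
      # - --api.insecure=true
      # - --serversTransport.insecureSkipVerify=true
      - --log=true
      # NOTE(review): DEBUG is very verbose; lower it once the setup is
      # verified so request details do not accumulate in the logs.
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      # Only 4xx responses are written to the access log.
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      # Containers are only routed when they opt in with traefik.enable=true.
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
      # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
    # networks:
    #   t2_proxy:
    #     ipv4_address: 192.168.90.254 # You can specify a static IP
    networks:
      - t2_proxy
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      # NOTE(review): --api.insecure stays disabled and the dashboard is
      # routed through traefik-rtr on the https entrypoint, so publishing
      # 8080 on the host looks unnecessary. Confirm nothing depends on it
      # and drop this entry to shrink the exposed surface.
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - $USERDIR/docker/traefik2/rules:/rules
      # The :ro flag protects only the socket file; any process that can
      # connect to it still reaches the full Docker API. NOTE(review):
      # consider placing a filtering socket proxy between Traefik and the
      # daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Stores the ACME account and certificate private keys; keep the host
      # file at mode 600.
      - $USERDIR/docker/traefik2/acme/acme.json:/acme.json
      - $USERDIR/docker/traefik2/traefik.log:/traefik.log
      - $USERDIR/docker/shared:/shared
    environment:
      # NOTE(review): CF_API_KEY is the account-wide Cloudflare key. A
      # DNS-scoped API token (CF_DNS_API_TOKEN in the lego Cloudflare
      # provider) limits the damage if this environment leaks; confirm the
      # Traefik version in use supports it.
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      # - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
      # - "traefik.http.routers.traefik-rtr.tls.domains[1].main=$SECONDDOMAINNAME" # Pulls main cert for second domain
      # - "traefik.http.routers.traefik-rtr.tls.domains[1].sans=*.$SECONDDOMAINNAME" # Pulls wildcard cert for second domain
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      # The dashboard/API router is gated by the chain-oauth middleware,
      # which is defined by the file provider (under /rules), not here.
      - "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file"

  # TransmissionBT - Torrent Downloader
  transmission-vpn:
    # NOTE(review): :latest is a moving tag; pin a version or digest so a
    # rebuild cannot silently pull different code.
    image: haugene/transmission-openvpn:latest
    container_name: transmission-vpn
    restart: always
    networks:
      - t2_proxy
    # security_opt:
    #   - no-new-privileges:true
    # NET_ADMIN and the tun device are what the in-container VPN client
    # needs to create its tunnel interface and routes.
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    dns:
      - 1.1.1.1
      - 1.0.0.1
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - $USERDIR/docker/transmission-vpn/data:/data
      - $USERDIR/docker/transmission-vpn/config:/config
      - /tank/media:/media
    environment:
      OPENVPN_PROVIDER: IPVANISH
      OPENVPN_USERNAME: $IPVANISH_USERNAME
      OPENVPN_PASSWORD: $IPVANISH_PASSWORD
      OPENVPN_CONFIG: "ipvanish-US-Atlanta-atl-a41"
      OPENVPN_OPTS: --inactive 3600 --ping 10 --ping-exit 60 --mssfix 1450 --mute-replay-warnings
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      # NOTE(review): left unquoted as in the original, so a YAML loader may
      # hand the container the integer 2 rather than the text 002. Quote it
      # only if the image needs the literal string; check the image docs.
      UMASK_SET: 002
      # The web UI is published through Traefik below, so RPC
      # authentication must stay enabled.
      TRANSMISSION_RPC_AUTHENTICATION_REQUIRED: "true"
      TRANSMISSION_RPC_HOST_WHITELIST: "127.0.0.1"
      TRANSMISSION_RPC_PASSWORD: $TRANSMISSION_RPC_PASSWORD
      TRANSMISSION_RPC_USERNAME: $TRANSMISSION_RPC_USERNAME
      # NOTE(review): same integer-vs-string caveat as UMASK_SET above.
      TRANSMISSION_UMASK: 002
      # Quoted so the value reaches the container as the text 1.0 instead
      # of being re-rendered from a YAML float.
      TRANSMISSION_RATIO_LIMIT: "1.0"
      TRANSMISSION_RATIO_LIMIT_ENABLED: "true"
      TRANSMISSION_DOWNLOAD_QUEUE_ENABLED: "false"
      TRANSMISSION_ALT_SPEED_DOWN: 5000
      TRANSMISSION_ALT_SPEED_ENABLED: "false"
      TRANSMISSION_ALT_SPEED_UP: 200
      TRANSMISSION_SPEED_LIMIT_DOWN: 25000
      TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED: "true"
      TRANSMISSION_SPEED_LIMIT_UP: 1000
      TRANSMISSION_SPEED_LIMIT_UP_ENABLED: "true"
      TRANSMISSION_INCOMPLETE_DIR: /media/downloads/incomplete
      TRANSMISSION_INCOMPLETE_DIR_ENABLED: "true"
      TRANSMISSION_WATCH_DIR: /media/downloads/watch
      TRANSMISSION_WATCH_DIR_ENABLED: "true"
      TRANSMISSION_DOWNLOAD_DIR: /media/downloads/complete
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.transmission-vpn-rtr.entrypoints=https"
      - "traefik.http.routers.transmission-vpn-rtr.rule=Host(`torrent.$DOMAINNAME`)"
      - "traefik.http.routers.transmission-vpn-rtr.tls=true"
      ## Middlewares
      # NOTE(review): unlike the dashboard router, this one carries only the
      # rate-limit middleware, so the RPC username/password is the sole
      # access control on torrent.$DOMAINNAME. Consider the same auth chain
      # used for traefik-rtr if RPC clients do not need direct access.
      - "traefik.http.routers.transmission-vpn-rtr.middlewares=middlewares-rate-limit@file"
      ## HTTP Services
      - "traefik.http.routers.transmission-vpn-rtr.service=transmission-vpn-svc"
      - "traefik.http.services.transmission-vpn-svc.loadbalancer.server.port=9091"

  deluge:
    # NOTE(review): :latest is a moving tag; pin a version or digest.
    image: linuxserver/deluge:latest
    container_name: deluge
    restart: always
    # Shares the openvpn container's network namespace, which is why the
    # web UI port is published on the openvpn service and not here.
    network_mode: service:openvpn # run on the vpn network
    environment:
      - PUID=${PUID} # default user id, defined in .env
      - PGID=${PGID} # default group id, defined in .env
      - TZ=${TZ} # timezone, defined in .env
    volumes:
      - /tank/media:/media # downloads folder
      - $USERDIR/docker/deluge:/config # config files
    # labels:
    #   - "traefik.enable=true"
    #   ## HTTP Routers
    #   - "traefik.http.routers.deluge-rtr.entrypoints=https"
    #   - "traefik.http.routers.deluge-rtr.rule=Host(`torrent2.$DOMAINNAME`)"
    #   - "traefik.http.routers.deluge-rtr.tls=true"
    #   ## Middlewares
    #   - "traefik.http.routers.deluge-rtr.middlewares=middlewares-rate-limit@file"
    #   ## HTTP Services
    #   - "traefik.http.routers.deluge-rtr.service=deluge-svc"
    #   - "traefik.http.services.deluge-svc.loadbalancer.server.port=8112"

  openvpn:
    # NOTE(review): :latest is a moving tag; pin a version or digest.
    image: dperson/openvpn-client:latest
    container_name: openvpn
    # networks:
    #   - t2_proxy
    cap_add:
      - net_admin # required to modify network interfaces
    restart: unless-stopped
    volumes:
      - /dev/net:/dev/net:z # tun device
      # Holds the VPN profile and credentials; restrict host permissions.
      - $USERDIR/docker/openvpn:/vpn # OpenVPN configuration
    # label:disable switches off SELinux label confinement for this
    # container. NOTE(review): confirm it is still required on this host.
    security_opt:
      - label:disable
    ports:
      # Published on every host interface. NOTE(review): prefix the mapping
      # with the LAN address if the UI should be reachable only from the
      # local network, as the comment below intends.
      - "8112:8112" # port for deluge web UI to be reachable from local network
    command: "-r 192.168.1.0/24" # route local network traffic
    # labels:
    #   - "traefik.enable=true"
    #   ## HTTP Routers
    #   - "traefik.http.routers.deluge-rtr.entrypoints=https"
    #   - "traefik.http.routers.deluge-rtr.rule=Host(`torrent2.$DOMAINNAME`)"
    #   - "traefik.http.routers.deluge-rtr.tls=true"
    #   ## Middlewares
    #   - "traefik.http.routers.deluge-rtr.middlewares=middlewares-rate-limit@file"
    #   ## HTTP Services
    #   - "traefik.http.routers.deluge-rtr.service=deluge-svc"
    #   - "traefik.http.services.deluge-svc.loadbalancer.server.port=8112"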