
Untitled

a guest
Nov 23rd, 2020
  1. version: "3.7"
  2.  
  3. ########################### NETWORKS
  4. networks:
  5.   t2_proxy:
  6.     external:
  7.       name: t2_proxy
  8.   default:
  9.     driver: bridge
  10.  
  11. ########################### SERVICES
  12. services:
  13. # All services / apps go below this line
  14.  
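  # Traefik 2 - Reverse Proxy
  # Listens on 80/443, discovers containers through the Docker socket and
  # serves its own dashboard through the traefik-rtr router defined in the
  # labels below.
  traefik:
    container_name: traefik
    # The chevrotin tag refers to v2.2.x. It is a moving tag: pin an exact
    # version or digest if upgrades should be deliberate and reviewable.
    image: traefik:chevrotin
    restart: unless-stopped
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      # The list is hard-coded, so re-check it against that URL from time to
      # time. 80/443 are published on the host, so requests can also reach
      # Traefik without passing Cloudflare unless a firewall restricts the
      # origin.
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
      # Extra entrypoint on :8080, also published on the host further down.
      # The dashboard is routed through traefik-rtr on the https entrypoint,
      # so nothing in this file needs 8080 to be reachable from outside.
      - --entryPoints.traefik.address=:8080
      - --api=true
      # Keep disabled: api.insecure serves the dashboard and API without
      # authentication on the traefik entrypoint (host port 8080 here).
      # - --api.insecure=true
      # Keep disabled: turns off certificate verification towards backends.
      # - --serversTransport.insecureSkipVerify=true
      - --log=true
      # DEBUG is for troubleshooting; lower it once routing works so the log
      # stays small and carries less request detail.
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      # Only 4xx responses are written to the access log; 2xx/3xx/5xx requests
      # leave no access-log entry, which limits later investigation.
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - '--providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)'
      # Containers are routed only when they opt in with traefik.enable=true.
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
      # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
    # networks:
    #   t2_proxy:
    #     ipv4_address: 192.168.90.254 # You can specify a static IP
    networks:
      - t2_proxy
    security_opt:
      - 'no-new-privileges:true'
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      # NOTE(review): 8080 is published on the host although api.insecure is
      # off. Drop this entry if nothing in /rules uses the traefik entrypoint.
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - $USERDIR/docker/traefik2/rules:/rules
      # ':ro' only makes the socket file read-only. Requests sent over the
      # socket are not restricted, so this mount is equivalent to control of
      # the Docker daemon; a filtering socket proxy narrows that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the ACME account and certificate private keys;
      # Traefik expects mode 600 on the host file.
      - $USERDIR/docker/traefik2/acme/acme.json:/acme.json
      - $USERDIR/docker/traefik2/traefik.log:/traefik.log
      - $USERDIR/docker/shared:/shared
    environment:
      # CF_API_KEY is the account-wide Global API Key. The Cloudflare DNS
      # provider also accepts a scoped token (CF_DNS_API_TOKEN) limited to DNS
      # edits, which limits the damage if this environment leaks.
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      # - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
      # - "traefik.http.routers.traefik-rtr.tls.domains[1].main=$SECONDDOMAINNAME" # Pulls main cert for second domain
      # - "traefik.http.routers.traefik-rtr.tls.domains[1].sans=*.$SECONDDOMAINNAME" # Pulls wildcard cert for second domain
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      # chain-oauth comes from the file provider (/rules) and is not defined
      # in this file; confirm it loads, since it is the only thing in front of
      # the dashboard/API.
      - "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file"
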
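  # TransmissionBT - Torrent Downloader
  # Transmission bundled with an OpenVPN client; the web UI (port 9091) is
  # published through Traefik at torrent.$DOMAINNAME.
  transmission-vpn:
    # Unpinned tag: every pull may bring a different image. Pin a version or
    # digest if upgrades should be deliberate.
    image: haugene/transmission-openvpn:latest
    container_name: transmission-vpn
    restart: always
    networks:
      - t2_proxy
    # NOTE(review): left disabled by the author; try enabling it and keep it
    # if the container still starts.
    # security_opt:
    #   - no-new-privileges:true
    # NET_ADMIN and the tun device are what the in-container VPN client uses;
    # no other capability is added.
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    dns:
      - 1.1.1.1
      - 1.0.0.1
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - $USERDIR/docker/transmission-vpn/data:/data
      - $USERDIR/docker/transmission-vpn/config:/config
      - /tank/media:/media
    # Credentials are substituted from the shell or .env file. They remain
    # readable through `docker inspect`, so keep .env out of version control
    # and restrict who can talk to the Docker daemon.
    environment:
      OPENVPN_PROVIDER: IPVANISH
      OPENVPN_USERNAME: $IPVANISH_USERNAME
      OPENVPN_PASSWORD: $IPVANISH_PASSWORD
      OPENVPN_CONFIG: "ipvanish-US-Atlanta-atl-a41"
      OPENVPN_OPTS: '--inactive 3600 --ping 10 --ping-exit 60 --mssfix 1450 --mute-replay-warnings'
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      # NOTE(review): unquoted 002 is read as a number by YAML 1.1 parsers, so
      # the container probably receives 2 rather than the literal 002. Left
      # as written; confirm which form the image expects before quoting.
      UMASK_SET: 002
      TRANSMISSION_RPC_AUTHENTICATION_REQUIRED: "true"
      TRANSMISSION_RPC_HOST_WHITELIST: "127.0.0.1"
      TRANSMISSION_RPC_PASSWORD: $TRANSMISSION_RPC_PASSWORD
      TRANSMISSION_RPC_USERNAME: $TRANSMISSION_RPC_USERNAME
      # Same implicit-typing caveat as UMASK_SET above.
      TRANSMISSION_UMASK: 002
      TRANSMISSION_RATIO_LIMIT: 1.0
      TRANSMISSION_RATIO_LIMIT_ENABLED: "true"
      TRANSMISSION_DOWNLOAD_QUEUE_ENABLED: "false"
      TRANSMISSION_ALT_SPEED_DOWN: 5000
      TRANSMISSION_ALT_SPEED_ENABLED: "false"
      TRANSMISSION_ALT_SPEED_UP: 200
      TRANSMISSION_SPEED_LIMIT_DOWN: 25000
      TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED: "true"
      TRANSMISSION_SPEED_LIMIT_UP: 1000
      TRANSMISSION_SPEED_LIMIT_UP_ENABLED: "true"
      TRANSMISSION_INCOMPLETE_DIR: /media/downloads/incomplete
      TRANSMISSION_INCOMPLETE_DIR_ENABLED: "true"
      TRANSMISSION_WATCH_DIR: /media/downloads/watch
      TRANSMISSION_WATCH_DIR_ENABLED: "true"
      TRANSMISSION_DOWNLOAD_DIR: /media/downloads/complete
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.transmission-vpn-rtr.entrypoints=https"
      - "traefik.http.routers.transmission-vpn-rtr.rule=Host(`torrent.$DOMAINNAME`)"
      - "traefik.http.routers.transmission-vpn-rtr.tls=true"
      ## Middlewares
      # Unlike the Traefik dashboard router (chain-oauth@file), this router
      # carries only the rate-limit middleware, so the RPC username/password
      # above is the only authentication in front of the web UI.
      - "traefik.http.routers.transmission-vpn-rtr.middlewares=middlewares-rate-limit@file"
      ## HTTP Services
      - "traefik.http.routers.transmission-vpn-rtr.service=transmission-vpn-svc"
      - "traefik.http.services.transmission-vpn-svc.loadbalancer.server.port=9091"
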
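  # Deluge torrent client. It has no network of its own: it joins the openvpn
  # container's network namespace, and the openvpn service publishes its web
  # UI port (8112).
  deluge:
    # Unpinned tag: every pull may bring a different image. Pin a version or
    # digest if upgrades should be deliberate.
    image: linuxserver/deluge:latest
    container_name: deluge
    restart: always
    # NOTE(review): whether traffic is blocked while the tunnel is down
    # depends on firewall settings inside the openvpn container, which this
    # file does not configure - verify before relying on it.
    network_mode: 'service:openvpn' # run on the vpn network
    environment:
      - PUID=${PUID} # default user id, defined in .env
      - PGID=${PGID} # default group id, defined in .env
      - TZ=${TZ} # timezone, defined in .env
    volumes:
      - /tank/media:/media # downloads folder
      - $USERDIR/docker/deluge:/config # config files
    # labels:
    #   - "traefik.enable=true"
    #   ## HTTP Routers
    #   - "traefik.http.routers.deluge-rtr.entrypoints=https"
    #   - "traefik.http.routers.deluge-rtr.rule=Host(`torrent2.$DOMAINNAME`)"
    #   - "traefik.http.routers.deluge-rtr.tls=true"
    #   ## Middlewares
    #   - "traefik.http.routers.deluge-rtr.middlewares=middlewares-rate-limit@file"
    #   ## HTTP Services
    #   - "traefik.http.routers.deluge-rtr.service=deluge-svc"
    #   - "traefik.http.services.deluge-svc.loadbalancer.server.port=8112"
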
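  # OpenVPN client container. The deluge service shares this container's
  # network namespace, which is why the Deluge web UI port is published here.
  openvpn:
    # Unpinned tag: every pull may bring a different image. Pin a version or
    # digest if upgrades should be deliberate.
    image: dperson/openvpn-client:latest
    container_name: openvpn
    # networks:
    #   - t2_proxy
    cap_add:
      - net_admin # required to modify network interfaces
    restart: unless-stopped
    volumes:
      # NOTE(review): ':z' relabels the host's /dev/net for sharing between
      # containers. The transmission-vpn service passes only /dev/net/tun via
      # `devices:`, which exposes less of the host; consider doing the same.
      - /dev/net:/dev/net:z # tun device
      - $USERDIR/docker/openvpn:/vpn # OpenVPN configuration
    security_opt:
      # Disables SELinux label confinement for this container.
      - 'label:disable'
    ports:
      # Published on every host interface. Docker-published ports are
      # commonly not filtered by host firewall front ends, so prefix the
      # mapping with the LAN address (HOST_LAN_IP:8112:8112, placeholder) if
      # the UI should be reachable from the local network only.
      - '8112:8112' # port for deluge web UI to be reachable from local network
    # NOTE(review): only a local route is configured here; no firewall or
    # kill-switch option is passed. Check the image's README for its firewall
    # setting if traffic must stop when the tunnel is down.
    command: "-r 192.168.1.0/24" # route local network traffic
    # labels:
    #   - "traefik.enable=true"
    #   ## HTTP Routers
    #   - "traefik.http.routers.deluge-rtr.entrypoints=https"
    #   - "traefik.http.routers.deluge-rtr.rule=Host(`torrent2.$DOMAINNAME`)"
    #   - "traefik.http.routers.deluge-rtr.tls=true"
    #   ## Middlewares
    #   - "traefik.http.routers.deluge-rtr.middlewares=middlewares-rate-limit@file"
    #   ## HTTP Services
    #   - "traefik.http.routers.deluge-rtr.service=deluge-svc"
    #   - "traefik.http.services.deluge-svc.loadbalancer.server.port=8112"
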