Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- version: "3.9"
- services:
- traefik:
- image: traefik:v2.9
- container_name: traefik
- restart: always
- environment:
- - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
- - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
- - CLOUDFLARE_ZONE_API_TOKEN=${CLOUDFLARE_ZONE_API_TOKEN}
- - LETS_ENCRYPT_EMAIL=${LETS_ENCRYPT_EMAIL}
- command:
- - --providers.docker=true
- - --providers.docker.exposedbydefault=false
- - --entrypoints.web.address=:80
- - --entrypoints.web-secure.address=:443
- - --entrypoints.web.http.redirections.entryPoint.to=web-secure
- - --entrypoints.web.http.redirections.entryPoint.scheme=https
- - --entrypoints.web.http.redirections.entrypoint.permanent=true
- - --certificatesresolvers.myresolver.acme.dnschallenge=true
- - --certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_CHALLENGE_PROVIDER:-cloudflare}
- # Uncomment to test your configuration by using Let's Encrypt staging certificates
- #- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- - --certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_EMAIL}
- - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
- ports:
- - "80:80"
- - "443:443"
- volumes:
- - ./letsencrypt:/letsencrypt
- - "/var/run/docker.sock:/var/run/docker.sock:ro"
- sonarr:
- image: lscr.io/linuxserver/sonarr
- container_name: sonarr
- environment:
- - PUID=${USER_ID}
- - PGID=${GROUP_ID}
- - TZ=${TIMEZONE}
- volumes:
- - ./sonarr:/config
- - ${DATA_ROOT}:/data
- restart: always
- labels:
- - traefik.enable=true
- - traefik.http.routers.sonarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sonarr`))
- - traefik.http.routers.sonarr.tls=true
- - traefik.http.routers.sonarr.tls.certresolver=myresolver
- - traefik.http.services.sonarr.loadbalancer.server.port=8989
- radarr:
- image: lscr.io/linuxserver/radarr
- container_name: radarr
- environment:
- - PUID=${USER_ID}
- - PGID=${GROUP_ID}
- - TZ=${TIMEZONE}
- volumes:
- - ./radarr:/config
- - ${DATA_ROOT}:/data
- restart: always
- labels:
- - traefik.enable=true
- - traefik.http.routers.radarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/radarr`))
- - traefik.http.routers.radarr.tls=true
- - traefik.http.routers.radarr.tls.certresolver=myresolver
- - traefik.http.services.radarr.loadbalancer.server.port=7878
- prowlarr:
- image: lscr.io/linuxserver/prowlarr:latest
- container_name: prowlarr
- environment:
- - PUID=${USER_ID}
- - PGID=${GROUP_ID}
- - TZ=${TIMEZONE}
- volumes:
- - ./prowlarr:/config
- restart: always
- labels:
- - traefik.enable=true
- - traefik.http.routers.prowlarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/prowlarr`))
- - traefik.http.routers.prowlarr.tls=true
- - traefik.http.routers.prowlarr.tls.certresolver=myresolver
- - traefik.http.services.prowlarr.loadbalancer.server.port=9696
- qbittorrent:
- image: lscr.io/linuxserver/qbittorrent:libtorrentv1
- container_name: qbittorrent
- environment:
- - PUID=${USER_ID}
- - PGID=${GROUP_ID}
- - TZ=${TIMEZONE}
- - WEBUI_PORT=8080
- volumes:
- - ./qbittorrent:/config
- - ${DOWNLOAD_ROOT}:/data/torrents
- restart: always
- network_mode: "service:vpn"
- depends_on:
- - vpn
- labels:
- - traefik.enable=true
- - traefik.http.routers.qbittorrent.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/qbittorrent`))
- - traefik.http.routers.qbittorrent.tls=true
- - traefik.http.routers.qbittorrent.tls.certresolver=myresolver
- - traefik.http.services.qbittorrent.loadbalancer.server.port=8080
- - traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix
- # https://github.com/qbittorrent/qBittorrent/issues/5693#issuecomment-552146296
- - traefik.http.middlewares.qbittorrent-stripprefix.stripPrefix.prefixes=/qbittorrent
- # https://community.traefik.io/t/middleware-to-add-the-if-needed/1895/19
- - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.regex=(^.*\/qbittorrent$$)
- - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.replacement=$$1/
- - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.permanent=false
- #- com.centurylinklabs.watchtower.depends-on=/vpn
- vpn:
- image: thrnz/docker-wireguard-pia
- container_name: vpn
- volumes:
- - ./pia:/pia
- - ./pia-shared:/pia-shared
- cap_add:
- - NET_ADMIN
- - SYS_MODULE
- environment:
- - LOC=${PIA_LOCATION}
- - USER=${PIA_USER}
- - PASS=${PIA_PASS}
- - LOCAL_NETWORK=${PIA_LOCAL_NETWORK}
- - PORT_FORWARDING=1
- - PORT_PERSIST=1
- - PORT_SCRIPT=/pia-shared/portupdate-qbittorrent.sh
- - EXIT_ON_FATAL=1
- sysctls:
- - net.ipv4.conf.all.src_valid_mark=1
- - net.ipv6.conf.default.disable_ipv6=1
- - net.ipv6.conf.all.disable_ipv6=1
- - net.ipv6.conf.lo.disable_ipv6=1
- healthcheck:
- test: ping -c 1 www.google.com || exit 1
- interval: 30s
- timeout: 10s
- retries: 3
- restart: always
- labels:
- # network mode is not supported: https://github.com/containrrr/watchtower/issues/1286#issuecomment-1214291660
- - com.centurylinklabs.watchtower.enable=false
- jellyfin:
- image: lscr.io/linuxserver/jellyfin
- container_name: jellyfin
- environment:
- - PUID=${USER_ID}
- - PGID=${GROUP_ID}
- - TZ=${TIMEZONE}
- - JELLYFIN_PublishedServerUrl=${HOSTNAME}/jellyfin
- volumes:
- - ./jellyfin:/config
- - ${DATA_ROOT}:/data
- ports:
- - "7359:7359/udp"
- - "1900:1900/udp"
- # devices:
- # - /dev/dri/renderD128:/dev/dri/renderD128
- # - /dev/dri/card0:/dev/dri/card0
- restart: always
- labels:
- - traefik.enable=true
- - traefik.http.routers.jellyfin.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyfin`))
- - traefik.http.routers.jellyfin.tls=true
- - traefik.http.routers.jellyfin.tls.certresolver=myresolver
- - traefik.http.services.jellyfin.loadbalancer.server.port=8096
- heimdall:
- image: lscr.io/linuxserver/heimdall
- container_name: heimdall
- environment:
- - PUID=${USER_ID}
- - PGID=${GROUP_ID}
- volumes:
- - ./heimdall:/config
- restart: always
- labels:
- - traefik.enable=true
- - traefik.http.routers.heimdall.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/`))
- - traefik.http.routers.heimdall.tls=true
- - traefik.http.routers.heimdall.tls.certresolver=myresolver
- - traefik.http.services.heimdall.loadbalancer.server.port=80
- watchtower:
- image: containrrr/watchtower
- container_name: watchtower
- restart: always
- environment:
- - WATCHTOWER_CLEANUP=true
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- dashy:
- # To build from source, replace 'image: lissy93/dashy' with 'build: .'
- # build: .
- image: lissy93/dashy
- container_name: Dashy
- # Pass in your config file below, by specifying the path on your host machine
- # volumes:
- # - /root/my-config.yml:/app/public/conf.yml
- ports:
- - 4000:80
- # Set any environmental variables
- environment:
- - NODE_ENV=production
- # Specify your user ID and group ID. You can find this by running `id -u` and `id -g`
- # - UID=1000
- # - GID=1000
- # Specify restart policy
- restart: unless-stopped
- # Configure healthchecks
- healthcheck:
- test: ['CMD', 'node', '/app/services/healthcheck']
- interval: 1m30s
- timeout: 10s
- retries: 3
- start_period: 40s
- labels:
- - traefik.enable=true
- - traefik.http.routers.dashy.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/dashy`))
- - traefik.http.routers.dashy.tls=true
- - traefik.http.routers.dashy.tls.certresolver=myresolver
- - traefik.http.services.dashy.loadbalancer.server.port=80
- networks:
- default:
- name: docker-compose-nas
Add Comment
Please, Sign In to add comment