version: "3.9"services: traefik: image: traefik:v2.9 container_na

1. version: "3.9"
2. services:
3. traefik:
4. image: traefik:v2.9
5. container_name: traefik
6. restart: always
7. environment:
8. - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
9. - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
10. - CLOUDFLARE_ZONE_API_TOKEN=${CLOUDFLARE_ZONE_API_TOKEN}
11. - LETS_ENCRYPT_EMAIL=${LETS_ENCRYPT_EMAIL}
12. command:
13. - --providers.docker=true
14. - --providers.docker.exposedbydefault=false
15. - --entrypoints.web.address=:80
16. - --entrypoints.web-secure.address=:443
17. - --entrypoints.web.http.redirections.entryPoint.to=web-secure
18. - --entrypoints.web.http.redirections.entryPoint.scheme=https
19. - --entrypoints.web.http.redirections.entrypoint.permanent=true
20. - --certificatesresolvers.myresolver.acme.dnschallenge=true
21. - --certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_CHALLENGE_PROVIDER:-cloudflare}
22. # Uncomment to test your configuration by using Let's Encrypt staging certificates
23. #- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
24. - --certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_EMAIL}
25. - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
26. ports:
27. - "80:80"
28. - "443:443"
29. volumes:
30. - ./letsencrypt:/letsencrypt
31. - "/var/run/docker.sock:/var/run/docker.sock:ro"
32. sonarr:
33. image: lscr.io/linuxserver/sonarr
34. container_name: sonarr
35. environment:
36. - PUID=${USER_ID}
37. - PGID=${GROUP_ID}
38. - TZ=${TIMEZONE}
39. volumes:
40. - ./sonarr:/config
41. - ${DATA_ROOT}:/data
42. restart: always
43. labels:
44. - traefik.enable=true
45. - traefik.http.routers.sonarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sonarr`))
46. - traefik.http.routers.sonarr.tls=true
47. - traefik.http.routers.sonarr.tls.certresolver=myresolver
48. - traefik.http.services.sonarr.loadbalancer.server.port=8989
49. radarr:
50. image: lscr.io/linuxserver/radarr
51. container_name: radarr
52. environment:
53. - PUID=${USER_ID}
54. - PGID=${GROUP_ID}
55. - TZ=${TIMEZONE}
56. volumes:
57. - ./radarr:/config
58. - ${DATA_ROOT}:/data
59. restart: always
60. labels:
61. - traefik.enable=true
62. - traefik.http.routers.radarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/radarr`))
63. - traefik.http.routers.radarr.tls=true
64. - traefik.http.routers.radarr.tls.certresolver=myresolver
65. - traefik.http.services.radarr.loadbalancer.server.port=7878
66. prowlarr:
67. image: lscr.io/linuxserver/prowlarr:latest
68. container_name: prowlarr
69. environment:
70. - PUID=${USER_ID}
71. - PGID=${GROUP_ID}
72. - TZ=${TIMEZONE}
73. volumes:
74. - ./prowlarr:/config
75. restart: always
76. labels:
77. - traefik.enable=true
78. - traefik.http.routers.prowlarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/prowlarr`))
79. - traefik.http.routers.prowlarr.tls=true
80. - traefik.http.routers.prowlarr.tls.certresolver=myresolver
81. - traefik.http.services.prowlarr.loadbalancer.server.port=9696
82. qbittorrent:
83. image: lscr.io/linuxserver/qbittorrent:libtorrentv1
84. container_name: qbittorrent
85. environment:
86. - PUID=${USER_ID}
87. - PGID=${GROUP_ID}
88. - TZ=${TIMEZONE}
89. - WEBUI_PORT=8080
90. volumes:
91. - ./qbittorrent:/config
92. - ${DOWNLOAD_ROOT}:/data/torrents
93. restart: always
94. network_mode: "service:vpn"
95. depends_on:
96. - vpn
97. labels:
98. - traefik.enable=true
99. - traefik.http.routers.qbittorrent.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/qbittorrent`))
100. - traefik.http.routers.qbittorrent.tls=true
101. - traefik.http.routers.qbittorrent.tls.certresolver=myresolver
102. - traefik.http.services.qbittorrent.loadbalancer.server.port=8080
103. - traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix
104. # https://github.com/qbittorrent/qBittorrent/issues/5693#issuecomment-552146296
105. - traefik.http.middlewares.qbittorrent-stripprefix.stripPrefix.prefixes=/qbittorrent
106. # https://community.traefik.io/t/middleware-to-add-the-if-needed/1895/19
107. - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.regex=(^.*\/qbittorrent$$)
108. - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.replacement=$$1/
109. - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.permanent=false
110. #- com.centurylinklabs.watchtower.depends-on=/vpn
111. vpn:
112. image: thrnz/docker-wireguard-pia
113. container_name: vpn
114. volumes:
115. - ./pia:/pia
116. - ./pia-shared:/pia-shared
117. cap_add:
118. - NET_ADMIN
119. - SYS_MODULE
120. environment:
121. - LOC=${PIA_LOCATION}
122. - USER=${PIA_USER}
123. - PASS=${PIA_PASS}
124. - LOCAL_NETWORK=${PIA_LOCAL_NETWORK}
125. - PORT_FORWARDING=1
126. - PORT_PERSIST=1
127. - PORT_SCRIPT=/pia-shared/portupdate-qbittorrent.sh
128. - EXIT_ON_FATAL=1
129. sysctls:
130. - net.ipv4.conf.all.src_valid_mark=1
131. - net.ipv6.conf.default.disable_ipv6=1
132. - net.ipv6.conf.all.disable_ipv6=1
133. - net.ipv6.conf.lo.disable_ipv6=1
134. healthcheck:
135. test: ping -c 1 www.google.com || exit 1
136. interval: 30s
137. timeout: 10s
138. retries: 3
139. restart: always
140. labels:
141. # network mode is not supported: https://github.com/containrrr/watchtower/issues/1286#issuecomment-1214291660
142. - com.centurylinklabs.watchtower.enable=false
143. jellyfin:
144. image: lscr.io/linuxserver/jellyfin
145. container_name: jellyfin
146. environment:
147. - PUID=${USER_ID}
148. - PGID=${GROUP_ID}
149. - TZ=${TIMEZONE}
150. - JELLYFIN_PublishedServerUrl=${HOSTNAME}/jellyfin
151. volumes:
152. - ./jellyfin:/config
153. - ${DATA_ROOT}:/data
154. ports:
155. - "7359:7359/udp"
156. - "1900:1900/udp"
157. # devices:
158. # - /dev/dri/renderD128:/dev/dri/renderD128
159. # - /dev/dri/card0:/dev/dri/card0
160. restart: always
161. labels:
162. - traefik.enable=true
163. - traefik.http.routers.jellyfin.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyfin`))
164. - traefik.http.routers.jellyfin.tls=true
165. - traefik.http.routers.jellyfin.tls.certresolver=myresolver
166. - traefik.http.services.jellyfin.loadbalancer.server.port=8096
167. heimdall:
168. image: lscr.io/linuxserver/heimdall
169. container_name: heimdall
170. environment:
171. - PUID=${USER_ID}
172. - PGID=${GROUP_ID}
173. volumes:
174. - ./heimdall:/config
175. restart: always
176. labels:
177. - traefik.enable=true
178. - traefik.http.routers.heimdall.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/`))
179. - traefik.http.routers.heimdall.tls=true
180. - traefik.http.routers.heimdall.tls.certresolver=myresolver
181. - traefik.http.services.heimdall.loadbalancer.server.port=80
182. watchtower:
183. image: containrrr/watchtower
184. container_name: watchtower
185. restart: always
186. environment:
187. - WATCHTOWER_CLEANUP=true
188. volumes:
189. - /var/run/docker.sock:/var/run/docker.sock
190.  
191. dashy:
192. # To build from source, replace 'image: lissy93/dashy' with 'build: .'
193. # build: .
194. image: lissy93/dashy
195. container_name: Dashy
196. # Pass in your config file below, by specifying the path on your host machine
197. # volumes:
198. # - /root/my-config.yml:/app/public/conf.yml
199. ports:
200. - 4000:80
201. # Set any environmental variables
202. environment:
203. - NODE_ENV=production
204. # Specify your user ID and group ID. You can find this by running `id -u` and `id -g`
205. # - UID=1000
206. # - GID=1000
207. # Specify restart policy
208. restart: unless-stopped
209. # Configure healthchecks
210. healthcheck:
211. test: ['CMD', 'node', '/app/services/healthcheck']
212. interval: 1m30s
213. timeout: 10s
214. retries: 3
215. start_period: 40s
216.  
217. labels:
218. - traefik.enable=true
219. - traefik.http.routers.dashy.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/dashy`))
220. - traefik.http.routers.dashy.tls=true
221. - traefik.http.routers.dashy.tls.certresolver=myresolver
222. - traefik.http.services.dashy.loadbalancer.server.port=80
223.  
224. networks:
225. default:
226. name: docker-compose-nas
227.