
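# Compose project for the self-hosted stack. This file holds the edge pieces —
# Traefik (TLS termination, dashboard, access log), fail2ban (bans driven by
# that access log) and Kopia (backups) — and pulls the remaining services in
# from sibling files via the top-level `include` key (needs a Compose release
# that supports `include`).
include:
  - databases.yml
  - apps.yml
  - gitea.yml
  - monitoring.yml

services:
  traefik:
    image: "traefik:v3.4"
    container_name: "traefik"
    restart: unless-stopped
    command:
      # HTTPS / TLS. Only containers labelled traefik.enable=true are exposed;
      # certificates come from Let's Encrypt through the TLS-ALPN challenge.
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=adrien.bouvais.pro@gmail.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"  # ./letsencrypt on the host (SSD)
      # Traefik API/dashboard (reachable only through the basic-auth router
      # declared in the labels below) and Prometheus metrics.
      - "--api.dashboard=true"
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
      # Extra TCP entrypoint; presumably consumed by routers in an included
      # file (gitea.yml?) — no router in this file references it.
      - "--entryPoints.ssh.address=:2101"
      # Access log: written to /logs inside the container, which is ./hdd0/logs
      # on the host (see volumes). fail2ban mounts the same directory read-only;
      # bufferingSize=0 keeps the file unbuffered, presumably so new entries
      # are visible to fail2ban without delay.
      - "--accesslog=true"
      - "--accesslog.format=json"
      - "--accesslog.filepath=/logs/access.log"
      - "--accesslog.bufferingSize=0"
    ports:
      # Host-mode publishing (no docker-proxy/NAT in front of the listener),
      # presumably so the access log records the real client address that
      # fail2ban then bans — confirm against the fail2ban filter in use.
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 2101
        published: 2101
        protocol: tcp
        mode: host
    volumes:
      - "./letsencrypt:/letsencrypt"  # must stay writable: acme.json is created and renewed here
      # Read-only socket for Docker provider discovery. Even read-only, the
      # socket lets the container enumerate every container and its
      # environment, so this container stays minimal and its dashboard behind
      # authentication.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./config/users.cred:/users.cred:ro"  # htpasswd users for the dashboard; Traefik only reads it
      - "./hdd0/logs:/logs"
    labels:
      - "traefik.enable=true"
      # Dashboard router: TLS on websecure, basic auth in front of api@internal.
      - "traefik.http.routers.dashboard.rule=Host(`traefik.bouvais.lu`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=auth@docker"
      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
      # Shared middlewares. `ratelimit` is defined here but no router in this
      # file uses it — presumably attached by routers in the included files;
      # if not, consider adding it to the dashboard router's middlewares.
      - "traefik.http.middlewares.auth.basicauth.usersfile=/users.cred"
      - "traefik.http.middlewares.ratelimit.ratelimit.average=20"
      - "traefik.http.middlewares.ratelimit.ratelimit.burst=40"
      # bouvais.lu -> git.bouvais.lu permanent redirect. Capture group 1 is the
      # optional "www.", group 2 the remainder of the URL; "$$" is how Compose
      # interpolation is escaped so Traefik receives a literal "${2}".
      - "traefik.http.routers.bouvais-redirect.rule=Host(`bouvais.lu`)"
      - "traefik.http.routers.bouvais-redirect.entrypoints=websecure"
      - "traefik.http.routers.bouvais-redirect.middlewares=redirect-to-gitea@docker"
      - "traefik.http.routers.bouvais-redirect.tls.certresolver=myresolver"
      - "traefik.http.middlewares.redirect-to-gitea.redirectregex.regex=^https?://(www\\.)?bouvais\\.lu(.*)"
      - "traefik.http.middlewares.redirect-to-gitea.redirectregex.replacement=https://git.bouvais.lu$${2}"
      - "traefik.http.middlewares.redirect-to-gitea.redirectregex.permanent=true"

  fail2ban:
    image: crazymax/fail2ban:1.1.0
    container_name: fail2ban
    restart: unless-stopped
    # NET_ADMIN/NET_RAW and the host network namespace are what let the
    # container edit the host firewall; nothing else here needs elevation.
    cap_add:
      - NET_ADMIN
      - NET_RAW
    network_mode: host
    volumes:
      - "./hdd0/fail2ban/data:/data"
      - "./hdd0/fail2ban/log:/var/log"
      - "./hdd0/logs:/logs:ro"  # Traefik's access log, read-only
      - "/etc/localtime:/etc/localtime:ro"
      - "/etc/timezone:/etc/timezone:ro"
    environment:
      # Bans go into Docker's DOCKER-USER chain so they apply to traffic headed
      # for published container ports (Docker's own rules would otherwise
      # bypass the default INPUT chain).
      - F2B_IPTABLES_CHAIN=DOCKER-USER

  kopia:
    # NOTE(review): `latest` is unpinned — a registry push silently changes what
    # gets deployed; pin a specific tag (ideally with a digest).
    image: kopia/kopia:latest
    container_name: kopia
    restart: unless-stopped
    ports:
      # The Kopia server runs without TLS (--insecure below), so its basic-auth
      # credentials travel in clear text on this port. Traefik reaches the
      # container directly over the Compose network (see the
      # loadbalancer.server.port label), so the host port is only for local
      # access: bind it to loopback instead of every interface, or drop it
      # altogether if direct access is not needed.
      - "127.0.0.1:51515:51515"
    command:
      - "server"
      - "start"
      #- --disable-csrf-token-checks
      - "--insecure"  # no TLS inside the container; Traefik terminates TLS at the edge
      - "--address=0.0.0.0:51515"  # listen on all container interfaces so Traefik can reach it
      - "--server-username=adrien"
      # The server password is part of the container's argv, so it is visible
      # to `ps` and `docker inspect`; Kopia also accepts it via the
      # KOPIA_SERVER_PASSWORD env var — verify for the deployed version before
      # switching.
      - "--server-password=${MASTER_PASSWORD}"
    environment:
      # Repository encryption password. It is the same secret as the server
      # password above, so leaking either one exposes both the UI and the
      # repository; quoted so an empty expansion stays a string rather than
      # becoming null.
      KOPIA_PASSWORD: "${MASTER_PASSWORD}"
      USER: "adrien"
    volumes:
      # Mount local folders needed by kopia
      - ./config/kopia:/app/config
      - ./cache/kopia:/app/cache
      - ./hdd0/logs/:/app/logs
      - ./hdd0:/hdd0  # Mount local folders to snapshot
      - ./hdd0_backups/kopia/dir:/repository  # Mount repository location
      - ./hdd0_backups/kopia/shared:/tmp:shared  # Mount path for browsing mounted snapshots (shared propagation)
    labels:
      # Kopia is reached through Traefik on the websecure entrypoint; Traefik
      # connects to container port 51515 over the Compose network, independent
      # of the host port published above.
      - "traefik.enable=true"
      - "traefik.http.routers.kopia.rule=Host(`kopia.bouvais.lu`)"
      - "traefik.http.routers.kopia.entrypoints=websecure"
      - "traefik.http.routers.kopia.tls.certresolver=myresolver"
      - "traefik.http.services.kopia.loadbalancer.server.port=51515"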