From 4fb057269342b215ffa8fd1f1895a4dc53b0ef84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81d=C3=A1m=20Kov=C3=A1cs?= Date: Mon, 11 Jan 2021 10:54:56 +0100 Subject: [PATCH] =?UTF-8?q?K=C3=BCl=C3=B6n=20compose=20f=C3=A1jlok?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- compose.sh | 8 ++ composes/docker-compose.home.yml | 110 +++++++++++++++++++ composes/docker-compose.mainServices.yml | 70 ++++++++++++ composes/docker-compose.media.yml | 129 +++++++++++++++++++++++ composes/docker-compose.traefik.yml | 30 ++++++ docker-compose.yml | 105 ++++-------------- 6 files changed, 365 insertions(+), 87 deletions(-) create mode 100755 compose.sh create mode 100644 composes/docker-compose.home.yml create mode 100644 composes/docker-compose.mainServices.yml create mode 100644 composes/docker-compose.media.yml create mode 100644 composes/docker-compose.traefik.yml diff --git a/compose.sh b/compose.sh new file mode 100755 index 0000000..3489eab --- /dev/null +++ b/compose.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +docker-compose \ + -f docker-compose.yml \ + -f composes/docker-compose.home.yml \ + -f composes/docker-compose.mainServices.yml \ + -f composes/docker-compose.media.yml \ + -f composes/docker-compose.traefik.yml $@ diff --git a/composes/docker-compose.home.yml b/composes/docker-compose.home.yml new file mode 100644 index 0000000..a84cfb1 --- /dev/null +++ b/composes/docker-compose.home.yml @@ -0,0 +1,110 @@ +version: '3' +services: + dynuddnskovacs: + image: linuxserver/ddclient + container_name: dynuddnskovacs + restart: unless-stopped + environment: + - PUID=1000 #optional + - PGID=1000 #optional + - TZ=Europe/Budapest + volumes: + - "/mnt/Data/.system/containerdata/dynuddns/kovacsj/config:/config" #optional + networks: + - homenet + + cloudflarednskovacs: + image: ghcr.io/linuxserver/ddclient + container_name: cloudflarednskovacs + restart: unless-stopped + environment: + - PUID=1000 #optional + - PGID=1000 #optional + - TZ=Europe/Budapest + volumes: + - "/mnt/Data/.system/containerdata/cloudflaredns/kovijoe/config:/config" #optional + networks: + - homenet + + heimdall: + image: linuxserver/heimdall + container_name: heimdall + restart: unless-stopped + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Budapest + volumes: + - "/mnt/Data/.system/containerdata/heimdall/config:/config" + labels: + - "traefik.enable=true" + - "traefik.http.routers.heimdall.rule=Host(`heimdall.kovijoe.com`)" + - "traefik.http.routers.heimdall.entrypoints=http" + - "traefik.http.routers.heimdall.middlewares=wlhomelocal@file" + - "traefik.http.routers.heimdall-secure.rule=Host(`heimdall.kovijoe.com`)" + - "traefik.http.routers.heimdall-secure.entrypoints=https" + - "traefik.http.routers.heimdall-secure.middlewares=wlhomelocal@file" + - "traefik.http.routers.heimdall-secure.tls.certresolver=letsencrypt" + networks: + homenet: + aliases: + - heimdall + + filestash: + container_name: filestash + image: machines/filestash + restart: always + environment: + - APPLICATION_URL=files.kovijoe.com + #- "APPLICATION_URL=192.168.0.20:8334" + volumes: + - "/mnt/Data/.system/containerdata/filestash/data/:/app/data/state" + ports: + - "8334:8334" + labels: + - "traefik.enable=true" + - "traefik.http.routers.filestash.rule=Host(`files.kovijoe.com`)" + - "traefik.http.routers.filestash.entrypoints=https" + - "traefik.http.routers.filestash.tls.certresolver=letsencrypt" + - "traefik.http.routers.filestash.middlewares=xfwdprotohttps@file" + networks: + homenet: + aliases: + - filestash + + onlyoffice: + container_name: onlyoffice + image: onlyoffice/documentserver + stdin_open: true + restart: always + stop_grace_period: 60s + networks: + - homenet + + syncthing: + image: syncthing/syncthing:latest + container_name: syncthing + restart: unless-stopped + volumes: + - "/mnt/Data/.system/containerdata/syncthing:/var/syncthing" + - "/mnt/Data/Downloads/Sync/:/data/Sync" + network_mode: host + + nginxshared: + image: nginx:latest + container_name: nginxshared + restart: unless-stopped:0 + labels: + - "traefik.enable=true" + - "traefik.http.services.nginxshared.loadbalancer.server.port=80" + - "traefik.http.routers.nginxshared-secure.rule=Host(`shared.kovijoe.com`)" + - "traefik.http.routers.nginxshared-secure.entrypoints=https" + - "traefik.http.routers.nginxshared-secure.tls.certresolver=letsencrypt" + volumes: + - "/mnt/Data/www/publicShare:/usr/share/nginx/html" + - "/mnt/Data/.system/containerdata/nginxShared/config/nginx.conf:/etc/nginx/nginx.conf" + networks: + homenet: + aliases: + - nginxshared + diff --git a/composes/docker-compose.mainServices.yml b/composes/docker-compose.mainServices.yml new file mode 100644 index 0000000..11bc2d8 --- /dev/null +++ b/composes/docker-compose.mainServices.yml @@ -0,0 +1,70 @@ +version: '3' +services: + etesync: + image: victorrds/etesync + #image: grburst/etesync:alpine + container_name: etesync + volumes: + - "/mnt/Data/.system/containerdata/etesync/data:/data" + ports: + - 3735:3735 + labels: + - "traefik.enable=true" + - "traefik.http.routers.etesync.rule=Host(`etesync.kovijoe.com`)" + - "traefik.http.routers.etesync.entrypoints=https" + - "traefik.http.routers.etesync.tls.certresolver=letsencrypt" + environment: + - SUPER_USER=admin # Required to use websockets + - SUPER_PASS=pPRGbH3RyoqhiaYZYgZ7 # set to false to disable signups + - AUTO_UPATE=true + - DEBUG=true + restart: unless-stopped + networks: + homenet: + aliases: + - etesync + +# seafiledb: +# image: mariadb:10.1 +# container_name: seafile-mysql +# environment: +# - MYSQL_ROOT_PASSWORD=Wrhy5knVGVgxRKdxPftyEYPnQMrKdjma # Requested, set the root's password of MySQL service. +# - MYSQL_LOG_CONSOLE=true +# volumes: +# - /mnt/Data/.system/containerdata/seafile-mysql/db:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store. +# networks: +# - homenet +# +# memcached: +# image: memcached:1.5.6 +# container_name: seafile-memcached +# entrypoint: memcached -m 256 +# networks: +# - homenet +# +# seafile: +# image: seafileltd/seafile-mc:latest +# container_name: seafile +# #ports: +# # - "80:80" +## # - "443:443" # If https is enabled, cancel the comment. +# labels: +# - "traefik.enable=true" +# - "traefik.http.routers.seafile.rule=Host(`files.kovijoe.com`)" +# - "traefik.http.routers.seafile.entrypoints=https" +# - "traefik.http.routers.seafile.tls.certresolver=letsencrypt" +# volumes: +# - /mnt/Data/.system/containerdata/seafile-data:/shared # Requested, specifies the path to Seafile data persistent store. +# environment: +# - DB_HOST=seafiledb +# - DB_ROOT_PASSWD=Wrhy5knVGVgxRKdxPftyEYPnQMrKdjma # Requested, the value shuold be root's password of MySQL service. +# - TIME_ZONE=Europe/Budapest # Optional, default is UTC. Should be uncomment and set to your local time zone. +# - SEAFILE_ADMIN_EMAIL=kovacsadam07@outlook.hu # Specifies Seafile admin user, default is 'me@example.com'. +# - SEAFILE_ADMIN_PASSWORD=P4Mq8Vdvr5UCRd3w # Specifies Seafile admin password, default is 'asecret'. +# - SEAFILE_SERVER_LETSENCRYPT=false # Whether to use https or not. +# - SEAFILE_SERVER_HOSTNAME=files.kovijoe.com # Specifies your host name if https is enabled. +# depends_on: +# - seafiledb +# - memcached +# networks: +# - homenet \ No newline at end of file diff --git a/composes/docker-compose.media.yml b/composes/docker-compose.media.yml new file mode 100644 index 0000000..b1cfe2a --- /dev/null +++ b/composes/docker-compose.media.yml @@ -0,0 +1,129 @@ +version: '3' +services: + +# Personal Media + jackett: + image: linuxserver/jackett + container_name: jackett + restart: unless-stopped:0 + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Budapest + volumes: + - "/mnt/Data/.system/containerdata/jackett/config:/config" + - "/mnt/Data/.system/containerdata/jackett/downloads:/downloads" + ports: + - "9117:9117" + networks: + - homenet + + radarr: + image: linuxserver/radarr + container_name: radarr + restart: unless-stopped:0 + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Budapest + volumes: + - "/mnt/Data/.system/containerdata/radarr/config:/config" + - "Movies:/movies" + - "Downloads:/downloads/complete" + ports: + - 7878:7878 + networks: + - homenet + + sonarr: + image: linuxserver/sonarr + container_name: sonarr + restart: unless-stopped:0 + environment: + - PUID=1001 + - PGID=1001 + - TZ=Europe/Budapest + volumes: + - "/dev/rtc:/dev/rtc:ro" + - "/mnt/Data/.system/containerdata/sonarr/config:/config" + - "TvShows:/tv" + - "Downloads:/downloads/complete" + ports: + - "8989:8989" + networks: + - homenet + + transmissionMedia: + image: linuxserver/transmission + container_name: trnsmedia + restart: unless-stopped:0 + environment: + - PUID=1001 + - PGID=1001 + - TZ=Europe/Budapest + volumes: + - "/mnt/Data/.system/containerdata/transmissionMedia/config:/config" + - "Downloads:/downloads/complete" + - "DownloadsIncomplete:/downloads/incomplete" + ports: + - "9092:9091" + - "51414:51414" + - "51414:51414/udp" + networks: + homenet: + aliases: + - trnsmedia + + jellyfin: + image: jellyfin/jellyfin + container_name: jellyfin + volumes: + - /mnt/Data/.system/containerdata/jellyfin/config:/config + - /mnt/Data/.system/containerdata/jellyfin/cache:/cache + - /mnt/Data/.system/containerdata/jellyfin/media:/media + - "Movies:/media/Movies" + - "TvShows:/media/TvShows" + ports: + - 8096:8096 + - 8920:8920 #optional + labels: + - "traefik.enable=true" + - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.kovijoe.com`)" + - "traefik.http.routers.jellyfin.entrypoints=https" + - "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt" + - "traefik.http.services.jellyfin.loadbalancer.server.port=8096" + ## Middleware + - "traefik.http.routers.jellyfin.middlewares=jellyfin-mw" + #### The customResponseHeaders option lists the Header names and values to apply to the response. + - "traefik.http.middlewares.jellyfin-mw.headers.customResponseHeaders.X-Robots-Tag=noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" + #### The sslRedirect is set to true, then only allow https requests. + - "traefik.http.middlewares.jellyfin-mw.headers.SSLRedirect=true" + #### The sslHost option is the host name that is used to redirect http requests to https. + #### This is the exact URL that will be redirected to, so you can remove the :9999 port if using default SSL port + - "traefik.http.middlewares.jellyfin-mw.headers.SSLHost=jellyfin.kovijoe.com" + #### Set sslForceHost to true and set SSLHost to forced requests to use SSLHost even the ones that are already using SSL. + #### Note that this uses SSLHost verbatim, so add the port to SSLHost if you are using an alternate port. + - "traefik.http.middlewares.jellyfin-mw.headers.SSLForceHost=true" + #### The stsSeconds is the max-age of the Strict-Transport-Security header. If set to 0, would NOT include the header. + - "traefik.http.middlewares.jellyfin-mw.headers.STSSeconds=315360000" + #### The stsIncludeSubdomains is set to true, the includeSubDomains directive will be + #### appended to the Strict-Transport-Security header. + - "traefik.http.middlewares.jellyfin-mw.headers.STSIncludeSubdomains=true" + #### Set stsPreload to true to have the preload flag appended to the Strict-Transport-Security header. + - "traefik.http.middlewares.jellyfin-mw.headers.STSPreload=true" + #### Set forceSTSHeader to true, to add the STS header even when the connection is HTTP. + - "traefik.http.middlewares.jellyfin-mw.headers.forceSTSHeader=true" + #### Set frameDeny to true to add the X-Frame-Options header with the value of DENY. + - "traefik.http.middlewares.jellyfin-mw.headers.frameDeny=true" + #### Set contentTypeNosniff to true to add the X-Content-Type-Options header with the value nosniff. + - "traefik.http.middlewares.jellyfin-mw.headers.contentTypeNosniff=true" + #### Set browserXssFilter to true to add the X-XSS-Protection header with the value 1; mode=block. + - "traefik.http.middlewares.jellyfin-mw.headers.browserXSSFilter=true" + #### The customFrameOptionsValue allows the X-Frame-Options header value to be set with a custom value. This + #### overrides the FrameDeny option. + - "traefik.http.middlewares.jellyfin-mw.headers.customFrameOptionsValue='allow-from https://kovijoe.com'" + restart: unless-stopped + networks: + homenet: + aliases: + - jellyfin diff --git a/composes/docker-compose.traefik.yml b/composes/docker-compose.traefik.yml new file mode 100644 index 0000000..6fe2ed3 --- /dev/null +++ b/composes/docker-compose.traefik.yml @@ -0,0 +1,30 @@ +version: "3" +services: + traefik: + image: "traefik:v2.3" + container_name: "traefik" + command: + #- "--log.level=DEBUG" + #- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" + - "--api.insecure=true" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--entrypoints.http.address=:80" + - "--entrypoints.https.address=:443" + - "--entrypoints.http.transport.respondingTimeouts.readTimeout=86400" + - "--entrypoints.https.transport.respondingTimeouts.readTimeout=86400" + - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" + - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http" + - "--certificatesresolvers.letsencrypt.acme.email=kovacsadam07@outlook.hu" + - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" + - "--providers.file.directory=/etc/traefik/dynamic" + ports: + - "80:80" + - "443:443" + - "8081:8080" + volumes: + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "/mnt/Data/.system/containerdata/traefik/letsencrypt:/letsencrypt" + - "/mnt/Data/.system/containerdata/traefik/dynamic:/etc/traefik/dynamic" + networks: + - homenet \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 414f6ff..fe849ff 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,98 +1,29 @@ version: '3' -services: - -# Personal Media - jackett: - image: linuxserver/jackett - container_name: jackett +services: + nginxmain: + image: nginx:latest + container_name: nginxmain restart: unless-stopped:0 - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Budapest - volumes: - - "/mnt/Data/.system/containerdata/jackett/config:/config" - - "/mnt/Data/.system/containerdata/jackett/downloads:/downloads" ports: - - "9117:9117" - networks: - - homemedia - - radarr: - image: linuxserver/radarr - container_name: radarr - restart: unless-stopped:0 - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Budapest + - 8083:80 + labels: + - "traefik.enable=true" + - "traefik.http.routers.nginxmain.rule=Host(`kovijoe.com`, `www.kovijoe.com`)" + - "traefik.http.routers.nginxmain.entrypoints=http" + - "traefik.http.services.nginxmain.loadbalancer.server.port=80" + - "traefik.http.routers.nginxmain-secure.rule=Host(`kovijoe.com`, `www.kovijoe.com`)" + - "traefik.http.routers.nginxmain-secure.entrypoints=https" + - "traefik.http.routers.nginxmain-secure.tls.certresolver=letsencrypt" volumes: - - "/mnt/Data/.system/containerdata/radarr/config:/config" - - "Movies:/movies" - - "Downloads:/downloads/complete" - ports: - - 7878:7878 + - "/mnt/Data/.system/containerdata/nginxMain/data:/usr/share/nginx/html" + - "/mnt/Data/.system/containerdata/nginxMain/config/nginx.conf:/etc/nginx/nginx.conf" networks: - - homemedia - - sonarr: - image: linuxserver/sonarr - container_name: sonarr - restart: unless-stopped:0 - environment: - - PUID=1001 - - PGID=1001 - - TZ=Europe/Budapest - volumes: - - "/dev/rtc:/dev/rtc:ro" - - "/mnt/Data/.system/containerdata/sonarr/config:/config" - - "TvShows:/tv" - - "Downloads:/downloads/complete" - ports: - - "8989:8989" - networks: - - homemedia - - transmissionMedia: - image: linuxserver/transmission - container_name: trnsmedia - restart: unless-stopped:0 - environment: - - PUID=1001 - - PGID=1001 - - TZ=Europe/Budapest - volumes: - - "/mnt/Data/.system/containerdata/transmissionMedia/config:/config" - - "Downloads:/downloads/complete" - - "DownloadsIncomplete:/downloads/incomplete" - ports: - - "9092:9091" - - "51414:51414" - - "51414:51414/udp" - networks: - homemedia: + homenet: aliases: - - trnsmedia - - heimdall: - image: linuxserver/heimdall - container_name: heimdall - restart: unless-stopped - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Budapest - volumes: - - "/mnt/Data/.system/containerdata/heimdall/config:/config" - ports: - - 8080:80 - networks: - homemedia: - aliases: - - heimdall + - nginxmain networks: - homemedia: + homenet: volumes: Downloads: