Merge branch 'caddy-docker'

Chris King
2025-01-13 11:51:02 -08:00
13 changed files with 141 additions and 73 deletions


@@ -1,10 +1,15 @@
name: actual-server
services:
actual_server:
app:
image: docker.io/actualbudget/actual-server:latest
ports:
networks:
- proxy-net
#ports:
# This line makes Actual available at port 5006 of the device you run the server on,
# i.e. http://localhost:5006. You can change the first number to change the port, if you want.
- '5006:5006'
# - '5006:5006'
expose:
- "5006"
#environment:
# - ACTUAL_LOGIN_METHOD=header
# Uncomment any of the lines below to set configuration options.
@@ -21,3 +26,7 @@ services:
# '/data' is the path Actual will look for its files in by default, so leave that as-is.
- ./data:/data
restart: unless-stopped
networks:
proxy-net:
external: true
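Review bot: Replacing the host mapping with `expose` plus the shared external `proxy-net` means every container attached to that network can reach `app:5006` directly, without passing through Caddy's `forward_auth`. This matters most if the commented `ACTUAL_LOGIN_METHOD=header` is ever enabled, because the identity header would then be accepted from any peer on the network rather than only from the proxy. If header login is planned, restrict which peers the app trusts. The same reachability applies to the other compose files in this merge that join `proxy-net`. The retained comment about `http://localhost:5006` is also stale and could become `# Not published on the host; reachable only through proxy-net (Caddy).`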


@@ -1,6 +1,6 @@
name: "authelia"
name: authelia
services:
authelia:
app:
image: authelia/authelia:latest
restart: unless-stopped
depends_on:
@@ -25,9 +25,9 @@ services:
AUTHELIA_AUTHENTICATION_BACKEND_FILE_PATH: /run/secrets/users_database
AUTHELIA_TOTP_ISSUER: tremendousturtle.tools
AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: deny
AUTHELIA_SESSION_REDIS_HOST: redis
AUTHELIA_SESSION_REDIS_HOST: authelia-redis-1
AUTHELIA_SESSION_REDIS_PORT: 6379
AUTHELIA_STORAGE_POSTGRES_ADDRESS: tcp://database:5432
AUTHELIA_STORAGE_POSTGRES_ADDRESS: tcp://authelia-database-1:5432
AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia
AUTHELIA_STORAGE_POSTGRES_USERNAME: authelia
AUTHELIA_NOTIFIER_SMTP_ADDRESS: submissions://smtp.mailgun.org:465
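Review bot: Pointing `AUTHELIA_SESSION_REDIS_HOST` and `AUTHELIA_STORAGE_POSTGRES_ADDRESS` at generated container names (`authelia-redis-1`, `authelia-database-1`) ties the config to the project name and replica index. It also suggests the short names `redis` and `database` became ambiguous once services shared `proxy-net`. The network attachments of the redis and database services are outside these hunks. If they are on `proxy-net`, every container on that network can open connections to the session store and the database. Keeping them on the project's default network only, with just `app` on `proxy-net`, avoids that and reduces the chance of a short name resolving to another project's service. The authentik (`authentik-redis-1`, `authentik-db-1`) and gitea (`gitea-db-1:5432`) sections follow the same pattern.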


@@ -1,6 +1,6 @@
name: authentik
services:
postgresql:
db:
image: docker.io/library/postgres:16-alpine
restart: unless-stopped
healthcheck:
@@ -29,13 +29,13 @@ services:
timeout: 3s
volumes:
- redis:/data
server:
app:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.2}
restart: unless-stopped
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_REDIS__HOST: authentik-redis-1
AUTHENTIK_POSTGRESQL__HOST: authentik-db-1
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
@@ -51,7 +51,7 @@ services:
- "${COMPOSE_PORT_HTTP:-9000}:9000"
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on:
postgresql:
db:
condition: service_healthy
redis:
condition: service_healthy
@@ -60,8 +60,8 @@ services:
restart: unless-stopped
command: worker
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_REDIS__HOST: authentik-redis-1
AUTHENTIK_POSTGRESQL__HOST: authentik-db-1
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
@@ -80,7 +80,7 @@ services:
env_file:
- .env
depends_on:
postgresql:
db:
condition: service_healthy
redis:
condition: service_healthy
@@ -93,4 +93,4 @@ volumes:
networks:
proxy-net:
external: true
external: true
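Review bot: The `ports:` entries `${COMPOSE_PORT_HTTP:-9000}:9000` and `${COMPOSE_PORT_HTTPS:-9443}:9443` are still present on the app service, so authentik stays published on the host even though Caddy now reaches it as `authentik-app-1:9000`. Assuming the merge intends the proxy to be the only entry point, as in the files where `ports` became `expose`, these mappings could be dropped or bound to loopback, e.g. `- "127.0.0.1:${COMPOSE_PORT_HTTP:-9000}:9000"`. The requestrr (`"4545:4545"`) and stash (`"9999:9999"`) sections look the same: a host mapping remains next to the new `expose`, which leaves a path to those apps that skips `forward_auth`. The service definitions continue outside the hunks, so confirm against the full files.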


@@ -23,10 +23,11 @@
zone_token {env.CF_ZONE_TOKEN}
api_token {env.CF_API_TOKEN}
}
resolvers 1.1.1.1 1.0.0.1
}
}
(secure) {
forward_auth {args[0]} authelia:9091 {
forward_auth {args[0]} authelia-app-1:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
@@ -54,7 +55,15 @@
import ttt-log {args[0]}
import tls
import secure *
import ttt-proxy {args[0]} {args[1]}
import ttt-proxy {args[0]}-app-1 {args[1]}
}
}
(ttt-app-local) {
{args[0]}.tremendousturtle.tools {
import ttt-log {args[0]}
import tls
import secure *
import ttt-proxy host.docker.internal {args[1]}
}
}
(ttt-app-alt) {
@@ -74,43 +83,34 @@ tremendousturtle.tools {
auth.tremendousturtle.tools {
import tls
reverse_proxy 127.0.0.1:9091
reverse_proxy authelia-app-1:9091
}
authentik.tremendousturtle.tools {
import tls
reverse_proxy 127.0.0.1:9000
reverse_proxy authentik-app-1:9000
}
# Define code.tremendousturtle.tools
import ttt-app code 8020
# Locally hosted non-docker apps (proxies to 192.168.1.234 instead of localhost)
import ttt-app-local code 8020
import ttt-app-local pihole 1080
import ttt-app-local sonarr 8989
import ttt-app-local radarr 7878
import ttt-app-local prowlarr 9696
import ttt-app-local cockpit 9090
# Docker apps with same subdomain as docker compose project name
import ttt-app frigate 8971
import ttt-app pihole 1080
import ttt-app stash 9999
import ttt-app sonarr 8989
import ttt-app radarr 7878
import ttt-app overseerr 5055
import ttt-app prowlarr 9696
import ttt-app openobserve 5080
import ttt-app cockpit 9090
import ttt-app budget 5006
import ttt-app gitea 3000
import ttt-app homepage 3000
import ttt-app requestrr 4545
import ttt-app trilium 8040
import ttt-app notes 8040
# Alternate configuration (different subdomain and docker compose project name)
import ttt-app-alt budget actual-server-app-1 5006
import ttt-app-alt trilium triliumnext-notes-app-1 8080
import ttt-app-alt notes triliumnext-notes-app-1 8080
import ttt-app-alt stash stashapp-app-1 9999
import ttt-app-alt pihole1 192.168.1.116 80
import ttt-app homepage 3001
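Review bot: The comment above the `ttt-app-local` imports says these sites proxy to 192.168.1.234, but the snippet targets `host.docker.internal`, which the caddy compose change maps to `host-gateway`. With Caddy now running in a container, code, pihole, sonarr, radarr, prowlarr and cockpit must listen on an address reachable from the Docker bridge rather than on loopback only. If they were previously bound to 127.0.0.1 (not visible here), they become reachable without `forward_auth` from other containers and possibly the LAN. A host firewall rule limiting those ports to the bridge interface would keep the proxy as the only path. The comment could read `# Non-docker apps on the host, reached via host.docker.internal (host-gateway)`.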


@@ -1,10 +1,13 @@
name: caddy
services:
caddy:
app:
build: .
restart: unless-stopped
env_file: .env
networks:
- proxy-net
extra_hosts:
- "host.docker.internal:host-gateway"
ports:
- "80:80"
- "443:443"
@@ -29,4 +32,4 @@ configs:
volumes:
caddy_data:
caddy_config:
caddy_config:


@@ -1,6 +1,6 @@
name: frigate
services:
frigate:
container_name: frigate
app:
restart: unless-stopped
image: ghcr.io/blakeblackshear/frigate:stable
shm_size: "250mb"
@@ -17,12 +17,15 @@ services:
target: /tmp/cache
tmpfs:
size: 4000000000
networks:
- proxy-net
ports:
- "8971:8971"
- "8554:8554" # RTSP feeds
- "8555:8555/tcp" # WebRTC over tcp
- "8555:8555/udp" # WebRTC over udp
- "5000:5000" # VS Code schema validation allowed
expose:
- "8971"
environment:
LIBVA_DRIVER_NAME: "radeonsi" # FRIGATE_RTSP_PASSWORD: "69$nC*6$jADbc!"
labels:
@@ -32,5 +35,9 @@ services:
- homepage.href=https://frigate.tremendousturtle.tools/
- homepage.description=Camera Surveillance
- homepage.widget.type=frigate
- homepage.widget.url=http://192.168.1.234:5000
- homepage.widget.url=http://frigate-app-1:5000
- homepage.widget.enableRecentEvents=true
networks:
proxy-net:
external: true
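Review bot: `- "5000:5000"` appears to remain published on every host interface, although the homepage widget now reaches that port over the container network as `http://frigate-app-1:5000`. Frigate's port 5000 is its unauthenticated internal API (8971 is the authenticated one), so the host mapping could be removed, or narrowed to `- "127.0.0.1:5000:5000"` if it is only kept for local tooling. Separately, the trailing comment on the `LIBVA_DRIVER_NAME` line still carries what looks like an RTSP password. It should be deleted from the file and the credential rotated, since it remains in the repository history.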


@@ -1,30 +1,35 @@
networks:
gitea:
external: false
proxy-net:
external: true
name: gitea
services:
server:
app:
image: gitea/gitea:latest
environment:
USER_UID: 141
USER_GID: 150
GITEA__database__DB_TYPE: postgres
GITEA__database__HOST: db:5432
GITEA__database__HOST: gitea-db-1:5432
GITEA__database__NAME: ${GITEA_DB_NAME}
GITEA__database__USER: ${GITEA_DB_USER}
GITEA__database__PASSWD__FILE: /run/secrets/postgres_pass
GITEA__server__SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE: gitea --config={{.CustomConf}} serv key-{{.Key.ID}}
restart: always
restart: unless-stopped
networks:
- gitea
- proxy-net
volumes:
- ./data/gitea:/data
- /home/git/.ssh/:/data/git/.ssh
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "127.0.0.1:2222:22"
expose:
- "3000"
depends_on:
- db
secrets:
@@ -32,7 +37,7 @@ services:
db:
image: postgres:14
restart: always
restart: unless-stopped
environment:
POSTGRES_USER: ${GITEA_DB_USER}
POSTGRES_PASSWORD_FILE: /run/secrets/postgres_pass


@@ -6,8 +6,11 @@ services:
- dockerproxy
environment:
DOCKER_TEMPLATE_CREATED: true
ports:
- "3001:3000"
expose:
- "3000"
networks:
- proxy-net
- default
restart: unless-stopped
volumes:
- ./config:/app/config # Make sure your local config directory exists
@@ -19,8 +22,12 @@ services:
- SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
- TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
- POST=0 # Disallow any POST operations (effectively read-only)
ports:
- "127.0.0.1:2375:2375"
expose:
- "2375"
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
- /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
networks:
proxy-net:
external: true


@@ -16,9 +16,13 @@ services:
restart: unless-stopped
depends_on:
- db
networks:
- proxy-net
- default
ports:
- "5080:5080"
- "5514:5514"
expose:
- "5080"
env_file: ./secrets/openobserve.env
environment:
ZO_DATA_DIR: /data
@@ -31,6 +35,10 @@ services:
- ./data/openobserve:/data
- ./data/stream:/stream
networks:
proxy-net:
external: true
secrets:
postgres_pass:
file: ./secrets/POSTGRES_PASS


@@ -1,6 +1,10 @@
name: orbital-sync
services:
orbital-sync:
app:
image: mattwebbio/orbital-sync:1
restart: unless-stopped
networks:
- proxy-net
environment:
PRIMARY_HOST_BASE_URL: 'http://192.168.1.234:1080'
PRIMARY_HOST_PASSWORD: ""
@@ -8,3 +12,7 @@ services:
SECONDARY_HOSTS_1_PASSWORD: 'e8JBq59!pwM6Ppj'
INTERVAL_MINUTES: 60
VERBOSE: true
networks:
proxy-net:
external: true
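Review bot: `SECONDARY_HOSTS_1_PASSWORD` is still a literal in the compose file, so the credential is committed along with it. Other projects in this merge use interpolation (`${PG_PASS}`) or `env_file`, and the same would work here, e.g. `SECONDARY_HOSTS_1_PASSWORD: ${SECONDARY_HOSTS_1_PASSWORD}` with the value in an untracked `.env`, followed by rotating the password. The new `networks: - proxy-net` attachment also looks unnecessary for a client that only makes outbound calls to LAN addresses. If nothing proxies to it, leaving it on the default network keeps one more container off the shared segment. The environment block continues outside the hunks.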


@@ -1,11 +1,18 @@
name: requestrr
services:
requestrr:
app:
image: thomst08/requestrr
hostname: requestrr
container_name: requestrr
networks:
- proxy-net
ports:
- 4545:4545
- "4545:4545"
expose:
- "4545"
volumes:
- ./config:/root/config
- ./data/tmp:/root/config/tmp
- ./config:/root/config
- ./data/tmp:/root/config/tmp
restart: unless-stopped
networks:
proxy-net:
external: true


@@ -1,13 +1,17 @@
# APPNICENAME=Stash
# APPDESCRIPTION=An organizer for your porn, written in Go
name: stashapp
services:
stash:
app:
image: stashapp/stash:latest
container_name: stash
restart: unless-stopped
## the container's port must be the same with the STASH_PORT in the environment section
networks:
- proxy-net
ports:
- "9999:9999"
expose:
- "9999"
## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section
# network_mode: host
logging:
@@ -49,3 +53,7 @@ services:
- ./data/db:/db
## Where to store generated content (screenshots,previews,transcodes,sprites)
- /media/stashapp/generated:/generated
networks:
proxy-net:
external: true


@@ -6,9 +6,15 @@ services:
volumes:
- ./data:/home/node/trilium-data
- ./config:/home/node/trilium-config
ports:
- "127.0.0.1:8040:8080"
expose:
- "8080"
networks:
- proxy-net
environment:
USER_UID: 1000
USER_GID: 1000
TRILIUM_CONFIG_INI_PATH: /home/node/trilium-config/config.ini
TRILIUM_CONFIG_INI_PATH: /home/node/trilium-config/config.ini
networks:
proxy-net:
external: true