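---
# Self-hosted stack: Traefik (edge proxy, ACME TLS) + Authelia (forward-auth
# gate) in front of Filebrowser, with frpc providing the tunnel and Watchtower
# auto-updating images.
#
# Security review notes that apply to the whole file:
#   * Every image except frpc uses a floating tag (or none, i.e. "latest"), and
#     Watchtower replaces running containers with whatever that tag points to
#     at each poll. That includes the edge proxy and the authentication gate.
#     Pin by tag and digest (image: <NAME>:<PINNED_TAG>@sha256:<DIGEST>) and
#     update deliberately, or keep auto-update only for low-risk services.
#   * Two containers hold /var/run/docker.sock. Access to that socket is
#     equivalent to root on the host.
services:
  # https://github.com/Foxite/nicholas-fedor-watchtower
  watchtower:
    container_name: watchtower
    # NOTE(review): privileged mode grants all capabilities and host device
    # access and disables the default seccomp/AppArmor confinement. Watchtower
    # works through the Docker socket mounted below; confirm whether this host
    # really needs it (e.g. socket access under SELinux) and drop it if not.
    privileged: true
    restart: unless-stopped
    image: nickfedor/watchtower
    environment:
      # Remove superseded images after an update.
      WATCHTOWER_CLEANUP: "true"
      # Poll interval in seconds (2 hours). Quoted: env values are strings.
      WATCHTOWER_POLL_INTERVAL: "7200"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    # Note: Original Watchtower unmaintained
    # (https://github.com/containrrr/watchtower/issues/2067), this is a fork

  # https://github.com/fatedier/frp
  frpc:
    image: fatedier/frpc:v0.65.0
    container_name: frpc
    restart: always
    volumes:
      # frpc.toml normally carries the tunnel auth token: keep it out of
      # version control and restrict its file permissions on the host.
      - ./frpc.toml:/frpc.toml
    # Shares the host network namespace, so frpc can reach every host-local
    # listener, not only the ports published by this stack.
    network_mode: host
    labels:
      # Excluded from Watchtower: the tunnel client is pinned and updated by hand.
      - "com.centurylinklabs.watchtower.enable=false"
    command: "-c /frpc.toml"

  # https://github.com/authelia/authelia
  authelia:
    # NOTE(review): unpinned image on the authentication gate; an automatic
    # upgrade can change or break the /api/verify endpoint used below.
    image: authelia/authelia
    container_name: authelia
    user: "1000:1000"
    depends_on:
      - authelia-db
    volumes:
      # Holds Authelia's configuration and, typically, its secrets.
      - ./authelia_config:/config
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.rule=Host(`auth.imranr.cloud`)"
      - "traefik.http.routers.authelia.entryPoints=websecure"
      - "traefik.http.routers.authelia.tls.certresolver=le"
      - "traefik.http.routers.authelia.tls=true"
      # Forward-auth middleware (portal redirect). trustForwardHeader=true makes
      # Traefik pass the request's existing X-Forwarded-* headers to Authelia,
      # so this relies on the entrypoint discarding client-supplied values.
      # NOTE(review): keep entryPoints.*.forwardedHeaders.insecure unset.
      - "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fauth.imranr.cloud%2F"
      - "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
      # Same gate, HTTP basic-auth variant (no portal redirect).
      - "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia:9091/api/verify?auth=basic"
      - "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
    expose:
      - "9091"
    restart: unless-stopped

  authelia-db:
    image: redis:alpine
    container_name: authelia-db
    user: "1000:1000"
    volumes:
      - authelia_db:/data
    # NOTE(review): no Redis password is set in this file, and the instance
    # sits on the shared "traefik" network, so every container on that network
    # can connect to it. Presumably it backs Authelia's sessions; confirm, then
    # require a password or move it to a network shared only with authelia.
    # (If authelia joins a second network, tell Traefik which one to route on.)
    networks:
      - traefik
    expose:
      - "6379"
    restart: unless-stopped

  # https://github.com/traefik/traefik
  traefik:
    # NOTE(review): ":latest" on the internet-facing proxy, auto-updated by
    # Watchtower; pin a version so upgrades are reviewed.
    image: traefik:latest
    container_name: traefik
    depends_on:
      - authelia
    command:
      - "--api=true"
      - "--api.dashboard=true"
      # Dashboard/API is only reachable through the authenticated router below.
      - "--api.insecure=false"
      - "--global.sendAnonymousUsage=false"
      - "--global.checkNewVersion=true"
      # NOTE(review): DEBUG is verbose and can put request details in the logs;
      # lower to INFO once troubleshooting is done.
      - "--log.level=DEBUG"
      - "--providers.docker=true"
      # Containers are routed only when they opt in with traefik.enable=true.
      - "--providers.docker.exposedByDefault=false"
      - "--entryPoints.web=true"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--entryPoints.websecure=true"
      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.le.acme.email=contact@imranr.dev"
      # Absolute path, so the ACME account key and certificates land in the
      # traefik_acme volume (mounted at /acme) whatever the working directory.
      - "--certificatesresolvers.le.acme.storage=/acme/acme.json"
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      # PROXY protocol headers are accepted only from this address, which lies
      # in the subnet pinned under networks.traefik (presumably the bridge
      # gateway, i.e. connections arriving from the host). Whatever can connect
      # from that address controls the client IP Traefik and Authelia see.
      - "--entryPoints.websecure.proxyProtocol.trustedIPs=172.19.0.1/32"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): the internet-facing process holds the Docker API socket.
      # A ":ro" mount does not restrict API calls; a filtering socket proxy
      # that allows only read-only endpoints narrows the exposure.
      - /var/run/docker.sock:/var/run/docker.sock
      # acme.json contains private keys.
      - traefik_acme:/acme
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik.imranr.cloud`)"
      - "traefik.http.routers.api.entryPoints=websecure"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=le"
      # Dashboard requires an Authelia session.
      - "traefik.http.routers.api.middlewares=authelia@docker"
    restart: unless-stopped
    networks:
      - traefik

  # https://github.com/filebrowser/filebrowser
  filebrowser:
    container_name: filebrowser
    image: filebrowser/filebrowser
    restart: unless-stopped
    user: "1000:1000"
    volumes:
      # Create first
      - ./filebrowser_storage:/srv
      - filebrowser_db:/database
    depends_on:
      - traefik
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.filebrowser.rule=Host(`files.imranr.cloud`)"
      - "traefik.http.routers.filebrowser.entrypoints=websecure"
      - "traefik.http.routers.filebrowser.tls=true"
      - "traefik.http.services.filebrowser.loadbalancer.server.port=80"
      - "traefik.http.routers.filebrowser.tls.certresolver=le"
      # Authelia gates requests that come through Traefik only; other
      # containers on the "traefik" network reach port 80 directly.
      - "traefik.http.routers.filebrowser.middlewares=authelia@docker"

volumes:
  filebrowser_db:
  traefik_acme:
  authelia_db:

networks:
  traefik:
    ipam:
      config:
        # Fixed subnet: the proxyProtocol trustedIPs value above depends on it.
        - subnet: "172.19.0.0/16"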