selfhostingfromscratch/server.docker-compose.yaml

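# Self-hosted stack: frpc (tunnel client), Traefik (TLS termination and
# routing), Authelia (forward-auth) backed by Redis, Filebrowser, and
# Watchtower for automatic image updates.
#
# NOTE(review): apart from frpc, every image here is untagged or on a
# floating tag (traefik:latest, redis:alpine), and Watchtower is not scoped
# with labels, so the edge proxy and the authentication gateway are replaced
# automatically with whatever the registry serves at poll time. Pin tags or
# digests for those services, or switch Watchtower to opt-in updates
# (WATCHTOWER_LABEL_ENABLE) and label only the containers that may
# auto-update.
services:
  # https://github.com/Foxite/nicholas-fedor-watchtower
  # Note: Original Watchtower unmaintained
  # (https://github.com/containrrr/watchtower/issues/2067), this is a fork
  watchtower:
    container_name: watchtower
    # NOTE(review): the Docker socket mount below already gives this
    # container control of the Docker daemon; confirm that privileged mode is
    # actually required on this host and drop it if not.
    privileged: true
    restart: unless-stopped
    image: nickfedor/watchtower
    environment:
      WATCHTOWER_CLEANUP: "true"
      # Poll interval in seconds; quoted so it is passed as a string.
      WATCHTOWER_POLL_INTERVAL: "7200"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  # https://github.com/fatedier/frp
  frpc:
    # Pinned tag, and excluded from Watchtower updates by the label below.
    image: fatedier/frpc:v0.65.0
    container_name: frpc
    restart: always
    volumes:
      # NOTE(review): this file presumably holds the frp server address and
      # auth token; keep it out of version control. It can be mounted
      # read-only if the config is never edited from inside the container.
      - ./frpc.toml:/frpc.toml
    # Host networking: frpc shares the host's network stack rather than
    # joining the `traefik` bridge network.
    network_mode: host
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    command: "-c /frpc.toml"

  # https://github.com/authelia/authelia
  authelia:
    image: authelia/authelia
    container_name: authelia
    # Run as an unprivileged uid:gid instead of root.
    user: "1000:1000"
    depends_on:
      - authelia-db
    volumes:
      # NOTE(review): presumably contains Authelia's secrets (JWT/session/
      # storage keys); restrict host permissions to uid 1000.
      - ./authelia_config:/config
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.rule=Host(`auth.imranr.cloud`)"
      - "traefik.http.routers.authelia.entryPoints=websecure"
      - "traefik.http.routers.authelia.tls.certresolver=le"
      - "traefik.http.routers.authelia.tls=true"
      # Forward-auth middleware used by the other routers (`authelia@docker`).
      # Unauthenticated requests are redirected to the login portal (`rd=`).
      - "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fauth.imranr.cloud%2F"
      # X-Forwarded-* headers on the incoming request are passed through to
      # Authelia; that is only sound while the entrypoints accept forwarded
      # headers from trusted sources alone.
      - "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
      # Identity headers copied from Authelia's response onto the request
      # sent to the backend. Backends that trust them must only be reachable
      # through Traefik (no app service in this file publishes a port).
      - "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
      # Variant for clients that authenticate with HTTP basic auth.
      - "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia:9091/api/verify?auth=basic"
      - "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
    expose:
      - 9091
    restart: unless-stopped

  # Redis backing store for Authelia.
  # NOTE(review): no password or ACL is configured in this file and the
  # service sits on the shared `traefik` network, so every container on that
  # network can connect to port 6379. Consider a dedicated internal network
  # shared only with authelia, and/or Redis authentication; if authelia joins
  # a second network, tell Traefik which one to route over.
  authelia-db:
    image: redis:alpine
    container_name: authelia-db
    user: "1000:1000"
    volumes:
      - authelia_db:/data
    networks:
      - traefik
    expose:
      - 6379
    restart: unless-stopped

  # https://github.com/traefik/traefik
  traefik:
    image: traefik:latest
    container_name: traefik
    depends_on:
      - authelia
    command:
      # Dashboard/API enabled, but not on the unauthenticated insecure
      # listener; it is published through the `api` router below, behind
      # Authelia.
      - "--api=true"
      - "--api.dashboard=true"
      - "--api.insecure=false"
      - "--global.sendAnonymousUsage=false"
      - "--global.checkNewVersion=true"
      # NOTE(review): DEBUG is verbose for a long-running deployment; lower
      # it once the setup is working.
      - "--log.level=DEBUG"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker=true"
      - "--providers.docker.exposedByDefault=false"
      # Port 80 exists only to redirect permanently to HTTPS.
      - "--entryPoints.web=true"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--entryPoints.websecure=true"
      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.le.acme.email=contact@imranr.dev"
      # Absolute path, so the certificate store (which holds private keys)
      # lands on the traefik_acme volume mounted at /acme regardless of the
      # image's working directory.
      - "--certificatesresolvers.le.acme.storage=/acme/acme.json"
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      # PROXY protocol headers are accepted from this single address only,
      # presumably the gateway of the fixed subnet declared under
      # networks.traefik. Keep the two values in sync.
      - "--entryPoints.websecure.proxyProtocol.trustedIPs=172.19.0.1/32"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Read-only bind mount. This protects the socket file only; the Docker
      # API behind it stays fully usable, so a compromise of this
      # internet-facing container still reaches the Docker daemon. A
      # filtering socket proxy is the stronger control.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_acme:/acme
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik.imranr.cloud`)"
      - "traefik.http.routers.api.entryPoints=websecure"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=le"
      # Dashboard access requires an Authelia session.
      - "traefik.http.routers.api.middlewares=authelia@docker"
    restart: unless-stopped
    networks:
      - traefik

  # https://github.com/filebrowser/filebrowser
  filebrowser:
    container_name: filebrowser
    image: filebrowser/filebrowser
    restart: unless-stopped
    user: "1000:1000"
    volumes:
      # Create this host directory first, writable by uid 1000; a missing
      # bind-mount source is created by Docker owned by root.
      - ./filebrowser_storage:/srv
      - filebrowser_db:/database
    depends_on:
      - traefik
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.filebrowser.rule=Host(`files.imranr.cloud`)"
      - "traefik.http.routers.filebrowser.entrypoints=websecure"
      - "traefik.http.routers.filebrowser.tls=true"
      - "traefik.http.services.filebrowser.loadbalancer.server.port=80"
      - "traefik.http.routers.filebrowser.tls.certresolver=le"
      # Every request to the file browser passes Authelia first.
      - "traefik.http.routers.filebrowser.middlewares=authelia@docker"

volumes:
  filebrowser_db: {}
  traefik_acme: {}
  authelia_db: {}

networks:
  traefik:
    ipam:
      config:
        # Fixed subnet: the websecure entrypoint's proxyProtocol.trustedIPs
        # value (172.19.0.1/32) is an address inside this range.
        - subnet: 172.19.0.0/16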