thomas/docker-server
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
docker-server/docker-compose.yaml
Thomas Lovén fe64c0e4c5 Some comments
2021-09-03 10:59:26 +02:00

135 lines
4.1 KiB
YAML
Raw Blame History

version: "2.4"
networks:
web:
# All containers that are routed through traefik needs to be on this network
external: true
services:
# Autheal will restart any container that has the label
# autoheal: true
# and fail their healthcheck
autoheal:
container_name: autoheal
restart: always
image: willfarrell/autoheal
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Traefik reverse proxy. Routes http and ssh trafic to the righ containers
# Controlled by container labels, see bottom of this compose file
traefik:
container_name: traefik
image: traefik
restart: always
environment:
- EMAIL
- PRIVATE_DOMAIN
- PUBLIC_DOMAIN
- TRAEFIK_CERTIFICATERESOLVERS_LE_ACME_EMAIL
networks:
web:
ipv4_address: 172.18.1.2
command:
- "--configFile=/data/traefik.yaml"
ports:
- 80:80
- 443:443
# Open port 8080 for debugging emergencies
- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik:/data
healthcheck:
# Sometimes, traefik loses connection to authelia. The only thing that works then is a restart, handled by autoheal.
# I haven't checked for quite a while if this is still a problem, but might as well leave it in there.
test: ["CMD", "wget", "-O", "-", "authelia:9091/api/state"]
labels:
traefik.enable: true
traefik.http.services.traefik.loadbalancer.server.port: 8080
traefik.http.routers.traefik.rule: Host(`traefik.${PRIVATE_DOMAIN}`)
traefik.http.routers.traefik.middlewares: auth@file
traefik.http.routers.traefik.tls.certResolver: le
autoheal: "true"
# Authelia handles access control with 2FA
authelia:
container_name: authelia
image: authelia/authelia
restart: always
volumes:
- ./authelia:/config
environment:
# - ENVIRONMENT=dev
- NODE_TLS_REJECT_UNAUTHORIZED=1
- AUTHELIA_JWT_SECRET
- AUTHELIA_SESSION_SECRET
- AUTHELIA_SESSION_DOMAIN
- AUTHELIA_TOTP_ISSUER
- TZ=Europe/Stockholm
networks:
web:
healthcheck:
test: ["CMD", "wget", "-O", "-", "127.0.0.1:9091/api/state"]
labels:
traefik.enable: true
traefik.http.routers.authelia.rule: Host(`auth.${PRIVATE_DOMAIN}`)
traefik.http.routers.authelia.tls.certResolver: le
traefik.http.routers.authelia.entrypoints: websecure
autoheal: "true"
# Homer provides a dashboard for all services. Configured through ./homer/config.yml
homer:
container_name: homer
image: b4bz/homer
restart: always
volumes:
- ./homer:/www/assets
environment:
UID: 1000
GID: 1001
networks:
web:
labels:
traefik.enable: true
traefik.http.routers.homer.rule: Host(`${PRIVATE_DOMAIN}`) || Host(`www.${PRIVATE_DOMAIN}`)
traefik.http.routers.homer.tls.certResolver: le
# Dozzle is an easy way to view docker logs through a web interface
dozzle:
image: amir20/dozzle
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
web:
labels:
traefik.enable: true
traefik.http.routers.dozzle.rule: Host(`logs.${PRIVATE_DOMAIN}`)
traefik.http.routers.dozzle.tls.certResolver: le
traefik.http.routers.dozzle.middlewares: auth@file
# labels:
# The following three labels are always needed. Make sure to replace <SERVICE> with a unique name
# traefik.enable: true
# traefik.http.routers.<SERVICE>.tls.certResolver: le
# traefik.http.routers.<SERVICE>.rule: Host(`<SERVICE>.${PRIVATE_DOMAIN}`)
# Alternatives:
# traefik.http.routers.<SERVICE>.rule: Host(`<SERVICE>.${PUBLIC_DOMAIN}`)
# traefik.http.routers.<SERVICE>.rule: Host(`<SERVICE>.${PRIVATE_DOMAIN}`) || HOST(`<SERVICE>.${PUBLIC_DOMAIN}`)
# Require authentication:
# traefik.http.routers.<SERVICE>.middlewares: auth@file
# If more than one port is exposed by the container:
# traefik.http.services.<SERVICE>.loadbalancer.server.port: <PORT>
# If container uses more than one network:
# traefik.docker.network: web
# Restart automatically if healthchech fails:
# autoheal: "true"
Reference in New Issue View Git Blame Copy Permalink