-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yaml
124 lines (118 loc) · 4.92 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
services:
traefik:
image: traefik:v3.1.1
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
# - 443:443/tcp # Uncomment if you want HTTP3
# - 443:443/udp # Uncomment if you want HTTP3
environment:
CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN} # if using .env
TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
env_file: .env # use .env
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik/data/traefik.yml:/traefik.yml:ro
- ./traefik/data/acme.json:/acme.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.mccawley.me`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.mccawley.me`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=mccawley.me"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.mccawley.me"
- "traefik.http.routers.traefik-secure.service=api@internal"
linkstack:
container_name: linkstack
image: linkstackorg/linkstack:latest
environment:
- TZ=${TZ}
- SERVER_ADMIN=${SERVER_ADMIN}
- HTTP_SERVER_NAME=ryan.mccawley.me
- HTTPS_SERVER_NAME=ryan.mccawley.me
- LOG_LEVEL=info
- PHP_MEMORY_LIMIT=512M
- UPLOAD_MAX_FILESIZE=16M
labels:
- "traefik.enable=true"
- "traefik.http.routers.name-ui.rule=Host(`ryan.mccawley.me`)"
- "traefik.http.routers.name-ui.entrypoints=https"
- "traefik.http.routers.name-ui.tls=true"
- "traefik.http.routers.name-ui.tls.certresolver=cloudflare"
- "traefik.http.routers.name-ui.service=name-ui"
- "traefik.http.services.name-ui.loadBalancer.server.port=443"
- "traefik.http.services.name-ui.loadbalancer.server.scheme=https"
- "traefik.http.routers.name-ui.middlewares=name-head,default@file"
- "traefik.http.middlewares.name-head.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.name-head.headers.customResponseHeaders.X-Robots-Tag=none"
- "traefik.http.middlewares.name-head.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000"
- "traefik.http.middlewares.name-head.headers.stsSeconds=31536000"
- "traefik.http.middlewares.name-head.headers.accesscontrolalloworiginlist=*"
- "traefik.docker.network=traefik_web"
volumes:
- linkstack-data:/htdocs
networks:
- proxy
restart: unless-stopped
homeassistant:
container_name: homeassistant
image: ghcr.io/home-assistant/home-assistant:stable
volumes:
- ./homeassistant:/config
- /run/dbus:/run/dbus:ro
environment:
- TZ=${TZ}
labels:
- "traefik.enable=true"
- "traefik.http.routers.homeassistant.rule=Host(`ha.mccawley.me`)"
- "traefik.http.routers.homeassistant.entrypoints=https"
- "traefik.http.routers.homeassistant.tls=true"
- "traefik.http.routers.homeassistant.tls.certresolver=cloudflare"
- "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
- "traefik.http.routers.homeassistant.middlewares=default@file"
- "traefik.http.middlewares.simple-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.homeassistant.middlewares=simple-redirect"
restart: unless-stopped
networks:
- proxy
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
environment:
PUID: 1000 # optional, your user id
PGID: 1000 # optional, your group id
ports:
- 3000:3000
env_file: .env
volumes:
- ./homepage:/app/config # Make sure your local config directory exists
- /var/run/docker.sock:/var/run/docker.sock:ro # optional, for docker integrations
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.homepage.rule=Host(`homepage.mccawley.me`)"
- "traefik.http.routers.homepage.entrypoints=https"
- "traefik.http.routers.homepage.tls.certresolver=myresolver"
- "traefik.http.services.homepage.loadbalancer.server.port=3000"
networks:
proxy:
volumes:
linkstack-data:
networks:
proxy:
external: true