docker: update traefik reverse proxy dockerfile

2026-01-09 16:57:40 +02:00
parent cf23ad5a4f
commit 10f72b8b59
6 changed files with 53 additions and 79 deletions

3
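--- a/docker/.gitignore
+++ b/docker/.gitignore
@@ -1 +1,2 @@
 .env
+**/.env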


@@ -1,18 +0,0 @@
version: "3"
services:
jackett:
image: "linuxserver/jackett"
container_name: "jackett"
env_file:
./.env
volumes:
- ${DOCKERDIR}/appdata/jackett:/config
- ${DATADIR}/downloads:/downloads
- "/etc/localtime:/etc/localtime:ro"
ports:
- "9117:9117"
restart: unless-stopped
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}


@@ -1,9 +1,8 @@
version: "3"
services: services:
portainer: portainer:
image: portainer/portainer-ce:latest image: portainer/portainer-ce:latest
ports: # ports:
- 9000:9000 # - 9000:9000
volumes: volumes:
- /home/taqi/docker/portainer/data:/data - /home/taqi/docker/portainer/data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -22,7 +21,7 @@ services:
- "traefik.http.routers.portainer-rtr.service=portainer-svc" - "traefik.http.routers.portainer-rtr.service=portainer-svc"
- "traefik.http.services.portainer-svc.loadbalancer.server.port=9000" - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
- "traefik.http.routers.traefik-rtr.middlewares=middlewares-rate-limit@file,middlewares-secure-headers@file" - "traefik.http.routers.traefik-rtr.middlewares=middlewares-rate-limit@file,middlewares-secure-headers@file"
command: command:
--http-enabled --http-enabled
environment: environment:
- TZ=${TZ} - TZ=${TZ}
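Review bot: The context label `traefik.http.routers.traefik-rtr.middlewares=middlewares-rate-limit@file,middlewares-secure-headers@file` on the portainer service attaches the two middlewares to a router called `traefik-rtr`, and this same commit renames Traefik's own dashboard router from `traefik-rtr` to `api`, so the label no longer lines up with anything and merely declares a stray router on the portainer container. It reads as a copy of the traefik label and is presumably meant for the router defined two lines above (`portainer-rtr.service=portainer-svc`); with the direct `9000:9000` publish now commented out, Traefik is the only path to portainer, so these middlewares are its only hardening. The one-line fix is `- "traefik.http.routers.portainer-rtr.middlewares=middlewares-rate-limit@file,middlewares-secure-headers@file"`. The enclosing `labels:` list starts outside the hunk.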


@@ -1,21 +0,0 @@
version: "3"
services:
radarr:
image: "linuxserver/radarr"
container_name: "radarr"
env_file:
./.env
volumes:
- ${DOCKERDIR}/appdata/radarr:/config
- ${DATADIR}/downloads:/downloads
- ${DATADIR}/movies:/movies
- "/etc/localtime:/etc/localtime:ro"
ports:
- "7878:7878"
restart: always
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
networks:
- bridge


@@ -0,0 +1,36 @@
http:
middlewares:
# Rate Limiting Middleware
middlewares-rate-limit:
rateLimit:
average: 100
burst: 100
period: 1m
# Security Headers Middleware
middlewares-secure-headers:
headers:
browserXssFilter: true
contentTypeNosniff: true
frameDeny: true
permissionsPolicy: "GEOLOCATION 'none'; MICROPHONE 'none'; CAMERA 'none'"
referrerPolicy: "strict-origin-when-cross-origin"
stsIncludeSubdomains: true
stsMaxAge: 63072000
stsPreload: true
customFrameOptionsValue: "SAMEORIGIN"
customRequestHeaders:
X-Forwarded-Proto: "https"
tls:
options:
default:
#sniStrict: true # prevents leaking default cert; see https://doc.traefik.io/traefik/v2.2/https/tls/#strict-sni-checking
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
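Review bot: `permissionsPolicy: "GEOLOCATION 'none'; MICROPHONE 'none'; CAMERA 'none'"` is written in the syntax of the obsolete Feature-Policy header, but Traefik emits this option as `Permissions-Policy`, whose grammar is `feature=(allowlist)`; browsers will not parse the directives as written, so none of the three features is actually restricted. The corrected value is `permissionsPolicy: "geolocation=(), microphone=(), camera=()"`. `frameDeny: true` and `customFrameOptionsValue: "SAMEORIGIN"` contradict each other: in Traefik the custom value overrides `frameDeny`, so the emitted `X-Frame-Options` is `SAMEORIGIN`, and only the intended one should stay. With `sniStrict` left commented out, a client presenting no or an unknown SNI still receives the default certificate, as the inline comment itself says; if that is deliberate, a short comment saying why would help, and the line should read `# sniStrict: true` (space after `#`) to match the file's other comments.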


@@ -1,5 +1,3 @@
version: '3.8'
networks: networks:
t3_proxy: t3_proxy:
name: t3_proxy name: t3_proxy
@@ -8,16 +6,10 @@ networks:
config: config:
- subnet: 192.168.90.0/24 - subnet: 192.168.90.0/24
secrets:
basic_auth_credentials:
file: $DOCKERDIR/secrets/basic_auth_credentials
cf_dns_api_token:
file: $DOCKERDIR/secrets/cf_dns_api_token
services: services:
traefik: traefik:
container_name: traefik container_name: traefik
image: traefik:3.0 image: traefik:3.6.6
restart: unless-stopped restart: unless-stopped
env_file: env_file:
- ./.env - ./.env
@@ -36,7 +28,6 @@ services:
- --api=true - --api=true
- --api.dashboard=true - --api.dashboard=true
# - --api.insecure=true # - --api.insecure=true
- --entrypoints.websecure.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
- --log=true - --log=true
- --log.filePath=/logs/traefik.log - --log.filePath=/logs/traefik.log
- --log.level=DEBUG - --log.level=DEBUG
@@ -52,6 +43,7 @@ services:
- --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME - --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME
- --providers.file.directory=/rules - --providers.file.directory=/rules
- --providers.file.watch=true - --providers.file.watch=true
- --certificatesresolvers.dns-cloudflare.acme.email=${CLOUDFLARE_EMAIL}
- --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53 - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
@@ -59,38 +51,23 @@ services:
# - 80:80 # - 80:80
- 443:443 - 443:443
- 8080:8080 - 8080:8080
# - target: 80
# published: 80
# protocol: tcp
# mode: host
# - target: 443
# published: 443
# protocol: tcp
# mode: host
# - target: 8080
# published: 8585
# protocol: tcp
# mode: host
volumes: volumes:
- $DOCKERDIR/appdata/traefik3/rules/$HOSTNAME:/rules - ./traefik-rules.yaml:/rules/traefik-rules.yaml
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- $DOCKERDIR/appdata/traefik3/acme/acme.json:/acme.json - $DOCKERDIR/appdata/traefik/acme/acme.json:/acme.json
- $DOCKERDIR/logs/$HOSTNAME/traefik:/logs - $DOCKERDIR/logs/traefik:/logs
environment: environment:
- PUID=${PUID} - PUID=${PUID}
- PGID=${PGID} - PGID=${PGID}
- TZ=$TZ - TZ=$TZ
- CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token - CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN}
- HTPASSWD_FILE=/run/secrets/basic_auth_credentials
- DOMAINNAME=${DOMAINNAME} - DOMAINNAME=${DOMAINNAME}
secrets: - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
- cf_dns_api_token
- basic_auth_credentials
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.dashboard.tls=true" - "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.traefik-rtr.entrypoints=websecure" - "traefik.http.routers.api.entrypoints=websecure"
- "traefik.http.routers.traefik-rtr.rule=Host(`traefik.${DOMAINNAME}`)" - "traefik.http.routers.api.rule=Host(`traefik.${DOMAINNAME}`)"
- "traefik.http.routers.traefik-rtr.service=api@internal" - "traefik.http.routers.api.service=api@internal"
# Middlewares # Middlewares
- "traefik.http.routers.traefik-rtr.middlewares=middlewares-rate-limit@file,middlewares-secure-headers@file,middlewares-basic-auth@file" - "traefik.http.routers.api.middlewares=middlewares-rate-limit@file,middlewares-secure-headers@file"
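Review bot: The dashboard router `api` (`service=api@internal`, matched on the Host rule for traefik.${DOMAINNAME}) now carries only `middlewares-rate-limit@file,middlewares-secure-headers@file`; `middlewares-basic-auth@file` is dropped together with the `basic_auth_credentials` secret and `HTPASSWD_FILE`, and the new traefik-rules.yaml defines no basicAuth middleware, so the Traefik API and dashboard are reachable on websecure with no authentication at all (and `8080:8080` is still published directly). Either keep the secret and re-add `middlewares-basic-auth@file` to the `api` router's middleware list with a matching `basicAuth` middleware in the rules file (`usersFile: /run/secrets/basic_auth_credentials`), or put the router behind another access-control middleware such as `ipAllowList`. `CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN}` moves the Cloudflare token from a file-backed Docker secret into a plain container environment variable, which is readable through `docker inspect` and the process environment; the previous `CF_DNS_API_TOKEN_FILE` form with the secret mount is the safer one. Removing `--entrypoints.websecure.forwardedHeaders.trustedIPs` (hunk at -36) means Traefik treats the TCP peer as the client address, so if traffic arrives through Cloudflare the rate-limit middleware keys on the proxy's IP rather than the real client and the access log loses the real address. The `acme.email` flag is also removed (hunk at -52) while `CLOUDFLARE_EMAIL` is added as a container variable; that variable presumably feeds the Cloudflare DNS credentials rather than the ACME registration contact, so confirm the resolver still gets an email if one is required.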