oxmox-dot-dev/docker-compose.yml

version: "3.3"

services:
  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--accesslog=true"
      - "--accesslog.filePath=/logs/access.log"
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=badctoxymoron@gmx.de"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      #- "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "./traefik/logs:/logs"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      # Make the traefik dashboard available under https://oxmox.root.sx/traefik/dashboard/
      # For some reason it's slow when used this way. It's fast when exposed via port 8080 and api.insecure=true.
      - "traefik.http.routers.traefik_api.rule=Host(`oxmox.root.sx`) && (PathPrefix(`/api`) || PathPrefix(`/traefik`))"
      - "traefik.http.routers.traefik_api.entrypoints=websecure"
      - "traefik.http.routers.traefik_api.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik_api.service=api@internal"
      - "traefik.http.routers.traefik_api.middlewares=traefik_api_auth,traefik_api_strip"
      - "traefik.http.middlewares.traefik_api_auth.basicauth.users=florian:$$apr1$$x/GrMMGU$$Dn7yVliaRFEwlW17SNh6s."
      - "traefik.http.middlewares.traefik_api_strip.stripprefix.prefixes=/traefik/"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`oxmox.root.sx`) && Path(`/whoami`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

  nextcloud-db:
    image: mariadb:latest
    container_name: "nextcloud-db"
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - ./nextcloud-db:/var/lib/mysql
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password
    secrets:
      - nextcloud_db_password
      - nextcloud_db_root_password
    labels:
      - "traefik.enable=true"

  nextcloud-app:
    image: nextcloud:stable
    container_name: "nextcloud-app"
    restart: unless-stopped
    links:
      - nextcloud-db
    volumes:
      - ./nextcloud-app/nextcloud:/var/www/html
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password
      # https://github.com/nextcloud/docker/blob/master/README.md#using-the-apache-image-behind-a-reverse-proxy-and-auto-configure-server-host-and-protocol
      - APACHE_DISABLE_REWRITE_IP=1
      - TRUSTED_PROXIES=192.168.128.0/24
      - NEXTCLOUD_TRUSTED_DOMAINS=*
      #- NEXTCLOUD_ADMIN_USER=admin
      #- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
    secrets:
      - nextcloud_db_password
      - nextcloud_db_root_password
      - nextcloud_admin_password
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud_app.rule=Host(`oxmox.root.sx`) && PathPrefix(`/nextcloud`)"
      - "traefik.http.routers.nextcloud_app.entrypoints=websecure"
      - "traefik.http.routers.nextcloud_app.tls.certresolver=myresolver"
      - "traefik.http.routers.nextcloud_app.middlewares=nextcloud_app_strip"
      - "traefik.http.middlewares.nextcloud_app_strip.stripprefix.prefixes=/nextcloud"
      #- "traefik.http.middlewares.nextcloud_app_auth.basicauth.users=florian:$$apr1$$x/GrMMGU$$Dn7yVliaRFEwlW17SNh6s."

      - "traefik.http.routers.nextcloud_dav.rule=Host(`oxmox.root.sx`) && PathPrefix(`/.well-known/`)"
      - "traefik.http.routers.nextcloud_dav.entrypoints=websecure"
      - "traefik.http.routers.nextcloud_dav.tls.certresolver=myresolver"
      - "traefik.http.routers.nextcloud_dav.middlewares=nextcloud_app_dav"
      - "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
      - "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.replacement=/remote.php/dav/"

  forgejo-db:
    image: mariadb:latest
    container_name: "forgejo-db"
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - ./forgejo/db:/var/lib/mysql
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_DATABASE=forgejo
      - MYSQL_USER=forgejo
      - MYSQL_PASSWORD=forgejo1234
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/forgejo_db_root_password
    secrets:
      - forgejo_db_root_password
    labels:
      - "traefik.enable=true"

  forgejo-app:
    image: codeberg.org/forgejo/forgejo:1.20.3-0
    container_name: "forgejo-app"
    restart: unless-stopped
    links:
      - forgejo-db
    volumes:
      - ./forgejo/fata:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - FORGEJO__database__DB_TYPE=mysql
      - FORGEJO__database__HOST=db:3306
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      - FORGEJO__database__PASSWD=forgejo1234
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.forgejo_app.rule=Host(`oxmox.root.sx`) && PathPrefix(`/forge`)"
      - "traefik.http.routers.forgejo_app.entrypoints=websecure"
      - "traefik.http.routers.forgejo_app.tls.certresolver=myresolver"
      - "traefik.http.routers.forgejo_app.middlewares=forgejo_app_strip"
      - "traefik.http.middlewares.forgejo_app_strip.stripprefix.prefixes=/forgejo"
      - "traefik.http.services.forgejo_app.loadbalancer.server.port=3000"

secrets:
  nextcloud_db_password:
    file: ./secrets/nextcloud_db_password
  nextcloud_db_root_password:
    file: ./secrets/nextcloud_db_root_password
  nextcloud_admin_password:
    file: ./secrets/nextcloud_admin_password
  forgejo_db_root_password:
    file: ./secrets/forgejo_db_root_password
  

  #dashboard:
  #  image: "traefik/whoami"
  #  container_name: "dashboard-service"
  #  labels:
  #    - "traefik.enable=true"
  #    - "traefik.http.routers.dashboard.rule=Host(`oxmox.root.sx`) && PathPrefix(`/dashboard`)"
  #    - "traefik.http.routers.dashboard.entrypoints=websecure"
  #    - "traefik.http.routers.dashboard.tls.certresolver=myresolver"

  #wireguard:
  #  image: lscr.io/linuxserver/wireguard:latest
  #  container_name: wireguard
  #  labels:
  #    - "traefik.enable=true"
  #  cap_add:
  #    - NET_ADMIN
  #    #- SYS_MODULE
  #  environment:
  #    - PUID=1000
  #    - PGID=1000
  #    #- SERVERURL=wireguard.oxmox.root.sx #optional
  #    - SERVERPORT=51820 #optional
  #    - PEERS=1 #optional
  #    - PEERDNS=auto #optional
  #    - INTERNAL_SUBNET=10.42.23.0 #optional
  #    - ALLOWEDIPS=10.42.23.0/24 #optional
  #    - PERSISTENTKEEPALIVE_PEERS= #optional
  #    - LOG_CONFS=true #optional
  #  volumes:
  #    - ./wireguard:/config
  #    #- /lib/modules:/lib/modules #optional
  #  ports:
  #    - 51820:51820/udp
  #  sysctls:
  #    - net.ipv4.conf.all.src_valid_mark=1
  #  restart: unless-stopped
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`version: "3.3"`

			`services:`
			`traefik:`
			`image: "traefik:v2.10"`
			`container_name: "traefik"`
			`command:`
			`- "--log.level=DEBUG"`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`- "--accesslog=true"`
			`- "--accesslog.filePath=/logs/access.log"`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`- "--api.insecure=false"`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`- "--api.dashboard=true"`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`- "--providers.docker=true"`
			`- "--providers.docker.exposedbydefault=false"`
			`- "--entrypoints.websecure.address=:443"`
			`- "--certificatesresolvers.myresolver.acme.tlschallenge=true"`
			`#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"`
			`- "--certificatesresolvers.myresolver.acme.email=badctoxymoron@gmx.de"`
			`- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"`
			`ports:`
			`- "443:443"`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`#- "8080:8080"`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`volumes:`
			`- "./letsencrypt:/letsencrypt"`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`- "./traefik/logs:/logs"`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`- "/var/run/docker.sock:/var/run/docker.sock:ro"`
expose /etc/timezone & /etc/localtime to containers 2023-09-04 18:47:24 +02:00			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`labels:`
			`- "traefik.enable=true"`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`# Make the traefik dashboard available under https://oxmox.root.sx/traefik/dashboard/`
			`# For some reason it's slow when used this way. It's fast when exposed via port 8080 and api.insecure=true.`
			- "traefik.http.routers.traefik_api.rule=Host(`oxmox.root.sx`) && (PathPrefix(`/api`) \|\| PathPrefix(`/traefik`))"
			`- "traefik.http.routers.traefik_api.entrypoints=websecure"`
			`- "traefik.http.routers.traefik_api.tls.certresolver=myresolver"`
			`- "traefik.http.routers.traefik_api.service=api@internal"`
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`- "traefik.http.routers.traefik_api.middlewares=traefik_api_auth,traefik_api_strip"`
			`- "traefik.http.middlewares.traefik_api_auth.basicauth.users=florian:$$apr1$$x/GrMMGU$$Dn7yVliaRFEwlW17SNh6s."`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`- "traefik.http.middlewares.traefik_api_strip.stripprefix.prefixes=/traefik/"`

add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`whoami:`
			`image: "traefik/whoami"`
			`container_name: "simple-service"`
			`labels:`
			`- "traefik.enable=true"`
			- "traefik.http.routers.whoami.rule=Host(`oxmox.root.sx`) && Path(`/whoami`)"
			`- "traefik.http.routers.whoami.entrypoints=websecure"`
			`- "traefik.http.routers.whoami.tls.certresolver=myresolver"`

working nextcloud setup 2023-09-03 21:52:27 +02:00			`nextcloud-db:`
			`image: mariadb:latest`
			`container_name: "nextcloud-db"`
			`restart: unless-stopped`
			`command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW`
			`volumes:`
			`- ./nextcloud-db:/var/lib/mysql`
expose /etc/timezone & /etc/localtime to containers 2023-09-04 18:47:24 +02:00			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
working nextcloud setup 2023-09-03 21:52:27 +02:00			`environment:`
			`- PUID=1000`
			`- PGID=1000`
			`- MYSQL_DATABASE=nextcloud`
			`- MYSQL_USER=nextcloud`
			`- MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password`
			`- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password`
			`secrets:`
			`- nextcloud_db_password`
			`- nextcloud_db_root_password`
			`labels:`
			`- "traefik.enable=true"`

			`nextcloud-app:`
			`image: nextcloud:stable`
			`container_name: "nextcloud-app"`
			`restart: unless-stopped`
			`links:`
			`- nextcloud-db`
			`volumes:`
			`- ./nextcloud-app/nextcloud:/var/www/html`
expose /etc/timezone & /etc/localtime to containers 2023-09-04 18:47:24 +02:00			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
working nextcloud setup 2023-09-03 21:52:27 +02:00			`environment:`
			`- MYSQL_DATABASE=nextcloud`
			`- MYSQL_USER=nextcloud`
			`- MYSQL_HOST=nextcloud-db`
			`- MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password`
			`- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password`
			`# https://github.com/nextcloud/docker/blob/master/README.md#using-the-apache-image-behind-a-reverse-proxy-and-auto-configure-server-host-and-protocol`
			`- APACHE_DISABLE_REWRITE_IP=1`
			`- TRUSTED_PROXIES=192.168.128.0/24`
			`- NEXTCLOUD_TRUSTED_DOMAINS=*`
			`#- NEXTCLOUD_ADMIN_USER=admin`
			`#- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password`
			`secrets:`
			`- nextcloud_db_password`
			`- nextcloud_db_root_password`
			`- nextcloud_admin_password`
			`labels:`
			`- "traefik.enable=true"`
			- "traefik.http.routers.nextcloud_app.rule=Host(`oxmox.root.sx`) && PathPrefix(`/nextcloud`)"
			`- "traefik.http.routers.nextcloud_app.entrypoints=websecure"`
			`- "traefik.http.routers.nextcloud_app.tls.certresolver=myresolver"`
			`- "traefik.http.routers.nextcloud_app.middlewares=nextcloud_app_strip"`
			`- "traefik.http.middlewares.nextcloud_app_strip.stripprefix.prefixes=/nextcloud"`
			`#- "traefik.http.middlewares.nextcloud_app_auth.basicauth.users=florian:$$apr1$$x/GrMMGU$$Dn7yVliaRFEwlW17SNh6s."`

			- "traefik.http.routers.nextcloud_dav.rule=Host(`oxmox.root.sx`) && PathPrefix(`/.well-known/`)"
			`- "traefik.http.routers.nextcloud_dav.entrypoints=websecure"`
			`- "traefik.http.routers.nextcloud_dav.tls.certresolver=myresolver"`
			`- "traefik.http.routers.nextcloud_dav.middlewares=nextcloud_app_dav"`
			`- "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.regex=^/.well-known/ca(l\|rd)dav"`
			`- "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.replacement=/remote.php/dav/"`

add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`forgejo-db:`
			`image: mariadb:latest`
			`container_name: "forgejo-db"`
			`restart: unless-stopped`
			`command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW`
			`volumes:`
			`- ./forgejo/db:/var/lib/mysql`
			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`environment:`
			`- PUID=1000`
			`- PGID=1000`
			`- MYSQL_DATABASE=forgejo`
			`- MYSQL_USER=forgejo`
			`- MYSQL_PASSWORD=forgejo1234`
			`- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/forgejo_db_root_password`
			`secrets:`
			`- forgejo_db_root_password`
working nextcloud setup 2023-09-03 21:52:27 +02:00			`labels:`
			`- "traefik.enable=true"`
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00
			`forgejo-app:`
			`image: codeberg.org/forgejo/forgejo:1.20.3-0`
			`container_name: "forgejo-app"`
			`restart: unless-stopped`
			`links:`
			`- forgejo-db`
			`volumes:`
			`- ./forgejo/fata:/data`
			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`environment:`
			`- USER_UID=1000`
			`- USER_GID=1000`
			`- FORGEJO__database__DB_TYPE=mysql`
			`- FORGEJO__database__HOST=db:3306`
			`- FORGEJO__database__NAME=forgejo`
			`- FORGEJO__database__USER=forgejo`
			`- FORGEJO__database__PASSWD=forgejo1234`
			`labels:`
			`- "traefik.enable=true"`
			- "traefik.http.routers.forgejo_app.rule=Host(`oxmox.root.sx`) && PathPrefix(`/forge`)"
			`- "traefik.http.routers.forgejo_app.entrypoints=websecure"`
			`- "traefik.http.routers.forgejo_app.tls.certresolver=myresolver"`
			`- "traefik.http.routers.forgejo_app.middlewares=forgejo_app_strip"`
			`- "traefik.http.middlewares.forgejo_app_strip.stripprefix.prefixes=/forgejo"`
			`- "traefik.http.services.forgejo_app.loadbalancer.server.port=3000"`
working nextcloud setup 2023-09-03 21:52:27 +02:00
			`secrets:`
			`nextcloud_db_password:`
			`file: ./secrets/nextcloud_db_password`
			`nextcloud_db_root_password:`
			`file: ./secrets/nextcloud_db_root_password`
			`nextcloud_admin_password:`
			`file: ./secrets/nextcloud_admin_password`
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`forgejo_db_root_password:`
			`file: ./secrets/forgejo_db_root_password`
working nextcloud setup 2023-09-03 21:52:27 +02:00
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00
			`#dashboard:`
			`# image: "traefik/whoami"`
			`# container_name: "dashboard-service"`
			`# labels:`
			`# - "traefik.enable=true"`
			# - "traefik.http.routers.dashboard.rule=Host(`oxmox.root.sx`) && PathPrefix(`/dashboard`)"
			`# - "traefik.http.routers.dashboard.entrypoints=websecure"`
			`# - "traefik.http.routers.dashboard.tls.certresolver=myresolver"`
add working but disabled wireguard conf Need to figure out what I actually want from wireguard, then set it up properly. 2023-09-03 14:17:09 +02:00
			`#wireguard:`
			`# image: lscr.io/linuxserver/wireguard:latest`
			`# container_name: wireguard`
			`# labels:`
			`# - "traefik.enable=true"`
			`# cap_add:`
			`# - NET_ADMIN`
			`# #- SYS_MODULE`
			`# environment:`
			`# - PUID=1000`
			`# - PGID=1000`
			`# #- SERVERURL=wireguard.oxmox.root.sx #optional`
			`# - SERVERPORT=51820 #optional`
			`# - PEERS=1 #optional`
			`# - PEERDNS=auto #optional`
			`# - INTERNAL_SUBNET=10.42.23.0 #optional`
			`# - ALLOWEDIPS=10.42.23.0/24 #optional`
			`# - PERSISTENTKEEPALIVE_PEERS= #optional`
			`# - LOG_CONFS=true #optional`
			`# volumes:`
			`# - ./wireguard:/config`
			`# #- /lib/modules:/lib/modules #optional`
			`# ports:`
			`# - 51820:51820/udp`
			`# sysctls:`
			`# - net.ipv4.conf.all.src_valid_mark=1`
			`# restart: unless-stopped`