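# Single-host stack: Traefik terminates TLS on :443 for oxmox.root.sx and
# routes by path prefix to whoami, Nextcloud and Forgejo. Each application has
# its own MariaDB instance, reachable only over the Compose network.
version: "3.3"

services:
  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"
    command:
      # NOTE(review): DEBUG is verbose and can record request details; lower it
      # to INFO once the setup has been verified.
      - "--log.level=DEBUG"
      - "--accesslog=true"
      - "--accesslog.filePath=/logs/access.log"
      # Keep api.insecure=false: the API and dashboard are then reachable only
      # through the authenticated router defined in the labels below.
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=badctoxymoron@gmx.de"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      #- "8080:8080"
    volumes:
      # acme.json holds the ACME account key and certificate private keys;
      # keep the host directory readable by root only.
      - "./letsencrypt:/letsencrypt"
      - "./traefik/logs:/logs"
      # ":ro" only protects the socket file itself. Docker API calls made
      # through it are not restricted, so this container effectively has
      # root-equivalent control of the host. A filtering socket proxy that
      # allows only read-only container queries narrows that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    labels:
      - "traefik.enable=true"
      # Make the traefik dashboard available under https://oxmox.root.sx/traefik/dashboard/
      # For some reason it's slow when used this way. It's fast when exposed via port 8080 and api.insecure=true.
      # (api.insecure=true serves the API without authentication, so it is
      # not a suitable workaround on a public host.)
      - "traefik.http.routers.traefik_api.rule=Host(`oxmox.root.sx`) && (PathPrefix(`/api`) || PathPrefix(`/traefik`))"
      - "traefik.http.routers.traefik_api.entrypoints=websecure"
      - "traefik.http.routers.traefik_api.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik_api.service=api@internal"
      - "traefik.http.routers.traefik_api.middlewares=traefik_api_auth,traefik_api_strip"
      # NOTE(review): this htpasswd entry uses the MD5-based apr1 scheme and
      # lives in the compose file, so anyone who can read the file can attack
      # it offline. Prefer a bcrypt entry kept in a mounted users file
      # (basicauth.usersfile) outside version control.
      - "traefik.http.middlewares.traefik_api_auth.basicauth.users=florian:$$apr1$$x/GrMMGU$$Dn7yVliaRFEwlW17SNh6s."
      - "traefik.http.middlewares.traefik_api_strip.stripprefix.prefixes=/traefik/"

  # Diagnostic service: it echoes request headers and addresses to any caller
  # and has no auth middleware. Remove it once routing has been verified.
  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`oxmox.root.sx`) && Path(`/whoami`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

  nextcloud-db:
    # NOTE(review): ":latest" can move to a new major release on any pull;
    # pin a tag that has been tested with this Nextcloud version.
    image: "mariadb:latest"
    container_name: "nextcloud-db"
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - "./nextcloud-db:/var/lib/mysql"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password
    secrets:
      - nextcloud_db_password
      - nextcloud_db_root_password
    # No "traefik.enable=true" label here: with exposedbydefault=false that
    # label is what makes Traefik create a router for a container, and a
    # database must not be routable from the reverse proxy.

  nextcloud-app:
    image: "nextcloud:stable"
    container_name: "nextcloud-app"
    restart: unless-stopped
    depends_on:
      - nextcloud-db
    volumes:
      - "./nextcloud-app/nextcloud:/var/www/html"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
      # The database root password is deliberately not passed to the
      # application container; it connects as the "nextcloud" user only.
      # https://github.com/nextcloud/docker/blob/master/README.md#using-the-apache-image-behind-a-reverse-proxy-and-auto-configure-server-host-and-protocol
      - APACHE_DISABLE_REWRITE_IP=1
      # NOTE(review): this file does not pin the Compose network's subnet;
      # confirm that Traefik really reaches Nextcloud from this range, since
      # forwarded-for headers are trusted from every address inside it.
      - TRUSTED_PROXIES=192.168.128.0/24
      # Restricted to the one hostname Traefik routes; a "*" wildcard accepts
      # any Host header.
      - NEXTCLOUD_TRUSTED_DOMAINS=oxmox.root.sx
      #- NEXTCLOUD_ADMIN_USER=admin
      #- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
    secrets:
      - nextcloud_db_password
      - nextcloud_admin_password
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud_app.rule=Host(`oxmox.root.sx`) && PathPrefix(`/nextcloud`)"
      - "traefik.http.routers.nextcloud_app.entrypoints=websecure"
      - "traefik.http.routers.nextcloud_app.tls.certresolver=myresolver"
      - "traefik.http.routers.nextcloud_app.middlewares=nextcloud_app_strip"
      - "traefik.http.middlewares.nextcloud_app_strip.stripprefix.prefixes=/nextcloud"
      #- "traefik.http.middlewares.nextcloud_app_auth.basicauth.users=florian:$$apr1$$x/GrMMGU$$Dn7yVliaRFEwlW17SNh6s."
      - "traefik.http.routers.nextcloud_dav.rule=Host(`oxmox.root.sx`) && PathPrefix(`/.well-known/`)"
      - "traefik.http.routers.nextcloud_dav.entrypoints=websecure"
      - "traefik.http.routers.nextcloud_dav.tls.certresolver=myresolver"
      - "traefik.http.routers.nextcloud_dav.middlewares=nextcloud_app_dav"
      - "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
      - "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.replacement=/remote.php/dav/"

  forgejo-db:
    # NOTE(review): ":latest" can move to a new major release on any pull;
    # pin a tested tag.
    image: "mariadb:latest"
    container_name: "forgejo-db"
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - "./forgejo/db:/var/lib/mysql"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_DATABASE=forgejo
      - MYSQL_USER=forgejo
      # The password is taken from the environment (or an untracked .env file)
      # instead of being a literal in this file; "up" aborts if it is unset.
      # The official image applies it only when initialising an empty data
      # directory, so an existing database keeps its old password until it is
      # rotated inside MariaDB. The literal that used to be here should be
      # treated as disclosed.
      - "MYSQL_PASSWORD=${FORGEJO_DB_PASSWORD:?set FORGEJO_DB_PASSWORD in the environment or .env}"
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/forgejo_db_root_password
    secrets:
      - forgejo_db_root_password
    # No "traefik.enable=true" label: the database must not get a Traefik
    # router (see nextcloud-db).

  forgejo-app:
    image: "codeberg.org/forgejo/forgejo:1.20.3-0"
    container_name: "forgejo-app"
    restart: unless-stopped
    depends_on:
      - forgejo-db
    volumes:
      # NOTE(review): "fata" looks like a typo for "data". It is left as is
      # because renaming the host path would detach any existing repository
      # data; move the directory first if you correct it.
      - "./forgejo/fata:/data"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - FORGEJO__database__DB_TYPE=mysql
      # Must be the Compose service name; no service or link alias called
      # "db" is defined in this file.
      - FORGEJO__database__HOST=forgejo-db:3306
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      # Same variable as forgejo-db. It still ends up in the container
      # environment, so it is visible to anyone who can inspect the container.
      - "FORGEJO__database__PASSWD=${FORGEJO_DB_PASSWORD:?set FORGEJO_DB_PASSWORD in the environment or .env}"
    labels:
      - "traefik.enable=true"
      # The rule prefix matches the stripprefix value below, so every routed
      # path has its prefix removed before it reaches Forgejo.
      - "traefik.http.routers.forgejo_app.rule=Host(`oxmox.root.sx`) && PathPrefix(`/forgejo`)"
      - "traefik.http.routers.forgejo_app.entrypoints=websecure"
      - "traefik.http.routers.forgejo_app.tls.certresolver=myresolver"
      - "traefik.http.routers.forgejo_app.middlewares=forgejo_app_strip"
      - "traefik.http.middlewares.forgejo_app_strip.stripprefix.prefixes=/forgejo"
      - "traefik.http.services.forgejo_app.loadbalancer.server.port=3000"

# File-backed secrets, mounted under /run/secrets/<name> in the services that
# list them. Keep ./secrets out of version control and readable only by the
# account that runs Compose.
secrets:
  nextcloud_db_password:
    file: ./secrets/nextcloud_db_password
  nextcloud_db_root_password:
    file: ./secrets/nextcloud_db_root_password
  nextcloud_admin_password:
    file: ./secrets/nextcloud_admin_password
  forgejo_db_root_password:
    file: ./secrets/forgejo_db_root_password

# Disabled service definitions, kept for reference. They belong under
# "services:" if they are re-enabled.
#dashboard:
#  image: "traefik/whoami"
#  container_name: "dashboard-service"
#  labels:
#    - "traefik.enable=true"
#    - "traefik.http.routers.dashboard.rule=Host(`oxmox.root.sx`) && PathPrefix(`/dashboard`)"
#    - "traefik.http.routers.dashboard.entrypoints=websecure"
#    - "traefik.http.routers.dashboard.tls.certresolver=myresolver"

#wireguard:
#  image: lscr.io/linuxserver/wireguard:latest
#  container_name: wireguard
#  labels:
#    - "traefik.enable=true"
#  cap_add:
#    - NET_ADMIN
#    #- SYS_MODULE
#  environment:
#    - PUID=1000
#    - PGID=1000
#    #- SERVERURL=wireguard.oxmox.root.sx #optional
#    - SERVERPORT=51820 #optional
#    - PEERS=1 #optional
#    - PEERDNS=auto #optional
#    - INTERNAL_SUBNET=10.42.23.0 #optional
#    - ALLOWEDIPS=10.42.23.0/24 #optional
#    - PERSISTENTKEEPALIVE_PEERS= #optional
#    - LOG_CONFS=true #optional
#  volumes:
#    - ./wireguard:/config
#    #- /lib/modules:/lib/modules #optional
#  ports:
#    - 51820:51820/udp
#  sysctls:
#    - net.ipv4.conf.all.src_valid_mark=1
#  restart: unless-stopped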