Merge branch 'main' into main

2024-12-23 11:40:34 +05:30 · 2024-12-23 11:40:34 +05:30 · c3a3aa70fd
commit c3a3aa70fd
--- a/0_skeleton/docker-compose.yml
+++ b/0_skeleton/docker-compose.yml
@ -1,6 +1,5 @@
-version: '3.3'
-
 services:
+
  example:
    image: user/image:tag
    container_name: example
@ -38,7 +37,7 @@ services:
    #  - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
    #  - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
    #  # Optional part for traefik middlewares
-    #  - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file,authelia@docker
+    #  - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file

 #networks:
 #  proxy:
--- a/README.md
+++ b/README.md
@ -19,7 +19,8 @@
 </div>

 ## ✨ Requirements
- Docker Compose
+- [Docker Engine](https://docs.docker.com/engine/install/)
+- [Docker Compose](https://docs.docker.com/compose/install/)

 ## 🎓 Usage
 - Volume bind mounts are assumed to be located at `/mnt/docker-volumes/<container-name>/`. You can adjust the path via the global env variable `DOCKER_VOLUME_STORAGE` to your liking though. The compose examples will fall back to `/mnt/docker-volumes/<container-name>/` if the env variable is not set on your Docker server.
@ -172,6 +173,7 @@ Tools and software for [software project management](https://en.wikipedia.org/wi
 - [Gitlab Community](examples/gitlab-ce) -  Self Hosted Git repository management, code reviews, issue tracking, activity feeds and wikis.
 - [Code-Server](examples/code-server) - VS Code in the browser, hosted on a remote server.
 - [Onedev](examples/onedev) - Self-hosted Git Server with CI/CD and Kanban.
+- [Atlassian Jira Core](examples/atlassian-jira-confluence) - Jira Core is a project and task management solution built for business teams.

 ### Automation and Monitoring

@ -221,7 +223,7 @@ A [gallery](https://en.wikipedia.org/wiki/Gallery_Software) is software that hel

 Software to manage audio and video material.

- [Arr-Suite](examples/arr-suite) - Docker stack consisting of Prowlarr, Sonarr, Radarr, Lidarr, Readarr, Flaresolverr, Qbittorrent and Emby.
+- [Arr-Suite](examples/arr-suite) - Docker stack consisting of Prowlarr, Sonarr, Radarr, Lidarr, Readarr, Bazarr, Flaresolverr, Qbittorrent and Emby/Jellyfin.
 - [Raveberry](examples/raveberry) - A multi-user music server with a focus on participation.
 - [Deemix](examples/deemix) - deemix is a barebone deezer downloader library built from the ashes of Deezloader Remix.
 - [Forte](examples/forte) - forte is a self-hosted music platform. You can either connect to a forte server or create your own server for your friends & family. However, it is also very convenient to use forte on your local machine as a stand-alone music player. Supports group streaming sessions.
@ -267,6 +269,7 @@ A [pastebin](https://en.wikipedia.org/wiki/Pastebin) is a type of online content

 - [PrivateBin](examples/privatebin) - PrivateBin is a minimalist, opensource online pastebin/discussion board where the server has zero knowledge of hosted data.
 - [Hemmelig](examples/hemmelig) - Keep your sensitive information out of chat logs, emails, and more with encrypted secrets. Free encrypted secret sharing for everyone!
+- [Opengist](examples/opengist) - Self-hosted pastebin powered by Git, open-source alternative to Github Gist.

 ### File Transfer & Synchronization

@ -282,7 +285,6 @@ A [pastebin](https://en.wikipedia.org/wiki/Pastebin) is a type of online content
 - [Gokapi](examples/gokapi) - Lightweight selfhosted Firefox Send alternative without public upload. AWS S3 supported.
 - [Projectsend](examples/projectsend) - ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs and much more!
 - [Pwndrop](examples/pwndrop) - pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
- [Droppy](examples/droppy) (deprecated) - droppy is a self-hosted file storage server with a web interface and capabilities to edit files and view media directly in the browser. It is particularly well-suited to be run on low-end hardware like the Raspberry Pi.
 - [PairDrop](examples/pairdrop) - PairDrop is a sublime alternative to AirDrop that works on all platforms. Send images, documents or text via peer to peer connection to devices in the same local network/Wi-Fi or to paired devices.
 - [MinIO](examples/minio) - MinIO is an object storage server, compatible with Amazon S3 cloud storage service, mainly used for storing unstructured data (such as photos, videos, log files, etc.).
 - [Transfer.sh](examples/transfer.sh) - Easy and fast file sharing from the command-line.
@ -367,9 +369,9 @@ Software that helps to increase security and privacy.
 - [Greenbone](examples/greenbone) - Greenbone is the world's most trusted provider of open source vulnerability management.
 - [SonarQube](examples/sonarqube) - SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages.
 - [Fail2ban](examples/fail2ban) - Fail2ban is an intrusion prevention software framework. Written in the Python programming language, it is designed to prevent against brute-force attacks.
+- [CrowdSec](examples/crowdsec) - The open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
 - [Tor-Browser](examples/tor-browser) - Running a Tor browser instance on any headless server.
 - [Firefox](examples/firefox) - Firefox by linuxserver.io allows you to run the popular Firefox web broser on a remote server.
- [Bibliogram](examples/bibliogram) (deprecated) - Bibliogram is a private front-end frontend to Instagram, similar to Invidous.
 - [Nitter](examples/nitter) - Nitter is an alternative front-end to Twitter, and was inspired by Invidious.
 - [Unify Network Application](examples/unify-network-application) - The Unifi-network-application software is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance.

@ -387,6 +389,7 @@ A [wiki](https://en.wikipedia.org/wiki/Wiki) is a publication collaboratively ed
 - [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking.
 - [HedgeDoc](examples/hedgedoc) - HedgeDoc lets you create real-time collaborative markdown notes.
 - [Docmost](examples/docmost) - Docmost is an open source collaborative documentation and wiki software. It is an open-source alternative to the likes of Confluence and Notion.
+- [Atlassian Confluence](examples/atlassian-jira-confluence) - Confluence is a wiki solution built for business teams.

 ### Money, Budgeting & Management

@ -396,7 +399,7 @@ A [wiki](https://en.wikipedia.org/wiki/Wiki) is a publication collaboratively ed

 - [TRSync](examples/trsync) - Django web frontend for pytr to download all Trade Republic depot data.
 - [Money-Balancer](examples/money-balancer) - A simple application for managing debt with your friends!
- [Firefly III](examples/firefly-iii) - A self-hosted manager for your personal finances.
+- [Firefly III](examples/firefly) - A self-hosted manager for your personal finances.
 - [VoucherVault](examples/vouchervault) - Django web application to store and manage vouchers, coupons, loyalty and gift cards digitally. Supports expiry notifications, transaction histories and file uploads.

 ### Genealogy
@ -448,6 +451,7 @@ Software that does not fit in another section.

 - [Network-Multitool](examples/network-multitool) - Multi-arch multitool for container network troubleshooting.
 - [IT-Tools](examples/it-tools) - Collection of handy online tools for developers, with great UX.
+- [Scratch-Map](examples/scratch-map) - An open-source scratch-off style map to track your travels.

 ## 🌟 Star History
 [![Star History Chart](https://api.star-history.com/svg?repos=Haxxnet/Compose-Examples&type=Date)](https://star-history.com/#Haxxnet/Compose-Examples&Date)
--- a/examples/adguard-home-sync/docker-compose.yml
+++ b/examples/adguard-home-sync/docker-compose.yml
@ -1,5 +1,5 @@
-version: "2.1"
 services:
+
  adguardhome-sync:
    image: linuxserver/adguardhome-sync
    container_name: adguardhome-sync
@ -18,4 +18,4 @@ services:
      - PGID=1000
    restart: unless-stopped
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home-sync:/config
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home-sync:/config
--- a/examples/adguard-home/docker-compose.yml
+++ b/examples/adguard-home/docker-compose.yml
@ -1,10 +1,9 @@
-version: "3"
-
 services:
+
  adguard:
+    image: adguard/adguardhome:latest
    container_name: adguard
    hostname: adguard
-    image: adguard/adguardhome:latest
    ports:
      - 3000:3000/tcp # only required during initial setup
      - 8080:80/tcp # web interface after setup
--- a/examples/answer/docker-compose.yml
+++ b/examples/answer/docker-compose.yml
@ -1,11 +1,10 @@
-version: "3"
-
 services:
+
  answer:
-    container_name: answer
    image: answerdev/answer
+    container_name: answer    
    ports:
-      - '9080:80'
+      - 9080:80
    expose:
      - 80
    restart: unless-stopped
--- a/examples/archivebox/docker-compose.yml
+++ b/examples/archivebox/docker-compose.yml
@ -1,6 +1,5 @@
-version: "3.9"
-
 services:
+
  archivebox:
    image: archivebox/archivebox:dev
    container_name: archivebox
--- a/examples/arr-suite/.env
+++ b/examples/arr-suite/.env
@ -0,0 +1,7 @@
+# see https://github.com/qdm12/gluetun-wiki for more details
+
+VPN_SERVICE_PROVIDER=mullvad
+VPN_TYPE=wireguard
+WIREGUARD_PRIVATE_KEY=<PrivateKey>
+WIREGUARD_ADDRESSES=<Subnet>
+SERVER_CITIES=<Location>
--- a/examples/arr-suite/README.md
+++ b/examples/arr-suite/README.md
@ -5,6 +5,7 @@
 - https://docs.linuxserver.io/images/docker-radarr/
 - https://docs.linuxserver.io/images/docker-lidarr/
 - https://docs.linuxserver.io/images/docker-readarr/
+- https://docs.linuxserver.io/images/docker-bazarr/
 - https://github.com/FlareSolverr/FlareSolverr
 - https://docs.linuxserver.io/images/docker-qbittorrent/
 - https://hub.docker.com/r/qmcgaw/gluetun
@ -33,47 +34,178 @@ Docker stack consisting of various arr-services like:
  - Used for music
 - Readarr
  - Used for books
+- Bazarr
+  - Used for subtitles 
 - Flaresolverr
-  - Used to bypass Cloudflare for prowlarr
-  - You must add it at prowlarr as indexer with the tag `flaresolverr`
+  - Used to bypass CloudFlare for indexers on Prowlarr
 - Qbittorrent
  - Used as download client; run behind gluetun vpn killswitch container
-  - A temporary password for the `admin` user will be printed to the container log on startup. Change it immediately to a static one that does not change again.
 - Gluetun
-  - Used for establishing an openvpn/wireguard killswitch vpn connection for qbittorrent
-  - Requires an active subscription for a vpn provider (e.g. Mullvad)
- Emby / Jellyfin
-  - Used to manage your media libraries and stream it from various devices
+  - Used to establish a VPN killswitch connection for Qbittorrent to a commercial VPN provider (e.g. Mullvad)
+- Emby or Jellyfin
+  - Used to manage your media libraries and stream content from various devices
 
 The following bind mount volumes are defined:

 - `/arr-suite/configs/<container-name>`
  - holds the config files of an arr container
- `/arr-suite/media/`
+- `/arr-suite/media/<folder>`
  - will hold your media files such as movies, music, books, tv-shows, qbittorrent downloads etc.

 ## Setup

-You can follow this Youtube tutorial on how to setup most of the arr applications:
+You can follow parts of [this Youtube tutorial](https://youtu.be/LD8-Qr3B2-o?si=49RQxJ5KRcoETCiQ&t=740) on how to configure most of the arr applications.

-https://www.youtube.com/watch?v=LD8-Qr3B2-o
+> **Note**:  As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. Use Docker networks! The only exception is qbittorrent, which uses the vpn killswitch network of the gluetun container. Here, the gluetun container will expose qbittorrent's web ui on TCP/8080 and the IP address of your docker host server. Setup qbittorrent in all arr-applications using your server's local IP address, on which port 8080 is mapped to.

-**Note**:  As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. Use Docker networks! The only exception is qbittorrent, which uses the vpn killswitch network of the gluetun container. Here, the gluetun container will expose qbittorrent's web ui on TCP/8080 and the IP address of your docker host server. Setup qbittorrent in all arr-applications using your server's local IP address, on which port 8080 is mapped to.
+Please make sure to configure authentication for all arr containers. Authentication is often optional and not enabled per default.

-> [!WARNING]
-> We configured qbittorrent to use the non-default path `/media/downloads` for downloads.
->
-> Please define this location path in the qbittorrent admin panel too!
+### Gluetun

-![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/278b800d-2b6b-45cb-a44c-7f56def7f9d3)
+Please refer to the official wiki of Gluetun to configure it for your commercial VPN provider in use.
+
+This must be done before spawning up the Docker Compose stack.
+
+For this compose example, we used Mullvad VPN, which is a privacy-friendly VPN provider that does not log. If you use another VPN provider, you have to adjust the environment variables typically.
+
+https://github.com/qdm12/gluetun-wiki
+
+### Volume Mappings
+
+The following bind mount volumes are defined within the Docker Compose stack:
+
+- `/arr-suite/configs/<container-name>`
+  - holds the config files of an arr container; automatically created during during compose stack start
+- `/arr-suite/media/<folder>`
+  - will hold your media files such as movies, music, books, tv-shows, qbittorrent downloads etc.
+  - only the downloads folder will be created automatically by Qbittorrent during compose stack start
+
+The media folders should be created before starting up the compose stack. To do so, issue these commands:
+
+````bash
+# create subfolders for our media library
+mkdir -p ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/{downloads,movies,tv-shows,music,books}
+
+# adjust permissions
+sudo chown -R 1000:1000 ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/
+sudo chmod -R 775 ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/
+````
+
+Afterwards, we can spawn up the stack via:
+
+````bash
+docker compose up -d
+````
+
+### Prowlarr
+
+#### API Connection to other Arrs
+
+After spawning up the compose stack, Prowlarr will be accessible on `http://<YOUR-IP>:9696`.
+
+Within Prowlarr, we have to configure API connectivity to Sonarr, Lidarr, Readarr and any other arrs. To do so, just log into Prowlarr via the HTTP UI and access `Settings > Apps` under `/settings/applications`. Hit the plus button and add your arr application.
+
+To add an arr application, you typically have to create an API key first. To do so, log into the other arr applications via the UI and create an API key. You can find the application area for this typically at `Settings > General > API Key` under `/settings/general`.
+
+Just make sure that the URL is correct and paste the API key. Should look something like this:

 ![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/8915f9f3-081f-41d2-9c5e-bdf9553e09c2)

 ![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/94de5802-3b26-420b-bb1d-ac82cd5a5cfb)

+> **Note**:  As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. 
+
+#### FlareResolverr CloudFlare Bypass
+
+Moreover, we will add FlareResolverr to Prowlarr in order to bypass CloudFlare for some indexers. To do so, head over to `Settings > Indexer` under `/settings/indexers`. Hit the plus button and add FlareResolverr. 
+
+Ensure to define the correct URL and also the tag `flaresolverr`. The tag must be defined again when adding indexers that are protected by CloudFlare (e.g. 1337x).
+
 ![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/19a26a74-dae0-4381-9614-46d20f912542)

-## Traefik + Emby + HTTP Headers
+![image](https://github.com/user-attachments/assets/548c8e93-24da-41fb-8b4d-ba7d9061b51f)
+
+#### Qbittorrent Download Client
+
+Finally, add Qbittorrent as download client to Prowlarr. Head over to `Settings > Download Clients` and add a new one. 
+
+Define your server's IP address at `Host` (or the container name `arr-suite-gluetun`) and `8080` at `Port`.
+
+![image](https://github.com/user-attachments/assets/a21d117c-7ebf-4e01-a14e-11b8e3e59600)
+
+### Qbittorrent
+
+> [!WARNING]
+> Qbittorrent is run behind the Gluetun VPN killswitch container. Therefore, we have to port map the Qbittorrent port 8080 at the gluetun container.
+>
+> This is also the reason why we define `arr-suite-gluetun` as host when adding Qbittorent and its port 8080 as download client to other arr containers.
+
+Log into the Qbittorrent's web UI. The UI is typically accessible from `http://<YOUR-IP>:8080`. 
+
+The default username is `admin`. Make sure to change the password immediately. The initial password is printed in the container logs. If you do not change the password immediately, a new password will be printed and set upon each container restart.
+
+Then head over to `Settings > Downloads` and configure the custom download path `/media/downloads` as follows:
+
+![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/278b800d-2b6b-45cb-a44c-7f56def7f9d3)
+
+> [!TIP]
+> If you would like to ensure that Qbittorrent downloads stuff via the gluetun VPN killswitch and not your personal WAN IP, you may use [this GitHub project](https://github.com/AKK9/torrent-ip-checker). It is an example torrent file, which does not actually download something malicious but reports back your disclosed IP address. The reported IP address must be the one from your commercial VPN provider like Mullvad.
+>
+> Just [download the torrent file](https://vvdapo30eb.execute-api.eu-west-2.amazonaws.com/torrent) and upload it via Qbittorrent's web UI via `File > Add torrent file`.
+
+![image](https://github.com/user-attachments/assets/5c7531eb-2cd7-4b16-968d-32a00cc4020a)
+
+#### Indexers
+
+Add your preferred indexers such as 1337X and many others. Do not forget to add the `flaresolverr` tag to bypass CloudFlare.
+
+### Sonarr, Radarr, Lidarr, Readarr, Bazarr
+
+All other arr applications follow the same configuration steps.
+
+- Sonarr is accessible at `http://<YOUR-IP>:8989/`
+- Radarr is accessible at `http://<YOUR-IP>:7878/`
+- Lidarr is accessible at `http://<YOUR-IP>:8686/`
+- Readarr is accessible at `http://<YOUR-IP>:8787/`
+- Bazarr is accessible at `http://<YOUR-IP>:6767/`
+
+Follow these steps for each individuall arr container:
+
+1. Configure authentication for the arr's HTTP UI. Can be done regularly via `Settings > General`.
+2. Ensure to define your media location. Can be done regularly via `Settings > Media Management > Root Folders > Path`. Should point to `/media/music` for Lidarr, `/media/tv-shows` for Sonarr, `/media/movies` for Radarr and `/media/books` for Readarr and so on. If those subdirectories do not exist yet, go ahead and create them via the following command:
+    - `mkdir -p /mnt/docker-volumes/arr-suite/media/{downloads,movies,tv-shows,music,books}`
+4. Configure Qbittorrent as download client. Can be done regularly via `Settings > Download Clients`. Define your server's IP address at `Host` (or the container name `arr-suite-gluetun`) and `8080` at `Port`.
+5. Configure Bazarr for Radarr and Sonarr. See https://wiki.bazarr.media/Getting-Started/Setup-Guide/
+6. Fix all `System > Health` warnings and errors reported by each arr container. May refer to https://wiki.servarr.com/.
+
+### Emby / Jellyfin
+
+The Docker Compose stack makes use of Emby as default. 
+
+You can switch to Jellyfin by removing the Emby container service and uncommenting the Jellyfin one though.
+
+- Emby or Jellyfin is accessible at `http://<YOUR-IP>:8096/`
+
+Follow the below steps to configure one of these media streaming containers:
+
+1. Setup authentication for your media streaming app. Is done automatically during the HTTP setup wizard.
+2. Ensure to define your media location for your library. Can be done natively via the HTTP UI settings.
+3. Configure transcoding and passthrough your GPU into the container (optional)
+
+### Reverse Proxy
+
+It is recommended to run all containers with an HTTP UI behind a reverse proxy. The reverse proxy can enforce a TLS encrypted communication channel with valid SSL certificates. Also add access controls via IP whitelisting, IdP forward-auth and many more.
+
+This example Compose Stack includes labels for the Traefik reverse proxy. Uncomment those to make use of it. Otherwise, remove them.
+
+If you run a different reverse proxy, please refer to the official documentation on how to configure proxy hosts. The ports to proxy on are defined in the Docker Compose file using the `expose` directive.
+
+> [!TIP]
+> Once a reverse proxy is in use, you can typically remove all port mappings from the Docker Compose file. The reverse proxy will do the proxying and must be placed in the same Docker bridge network as the arr media stack.
+>
+> Note that the Qbittorrent TCP/8080 port is mapped at the Gluetun VPN killswitch container. So your reverse proxy must proxy to the 8080 port mapped on your docker server's IP address in order to access the Qbittorrent admin UI.
+
+#### Traefik + Emby + HTTP Headers

 During the setup of Emby in a web browser (HTTPS via Traefik) you may notice errors in the developer console, which prevent the web page from loading properly.

--- a/examples/arr-suite/docker-compose.yml
+++ b/examples/arr-suite/docker-compose.yml
@ -1,5 +1,3 @@
-version: "3.6"
-
 services:

  # image used to index torrent links from the internet
@ -11,7 +9,7 @@ services:
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/prowlarr:/config # database and Prowlarr configs
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/prowlarr:/config # location of database and configs
    expose:
      - 9696/tcp # web ui
    ports:
@ -36,8 +34,8 @@ services:
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/sonarr:/config # database and Radarr configs
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/sonarr:/config # location of database and configs
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media library + qbittorrent download folder
    expose:
      - 8989/tcp # web ui
    ports:
@ -62,8 +60,8 @@ services:
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/radarr:/config
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/radarr:/config # location of database and configs
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media library + qbittorrent download folder
    expose:
      - 7878/tcp # web ui
    ports:
@ -88,8 +86,8 @@ services:
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/lidarr:/config
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/lidarr:/config # location of database and configs
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media library + qbittorrent download folder
    expose:
      - 8686/tcp # web ui
    ports:
@ -114,8 +112,8 @@ services:
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/readarr:/config
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/readarr:/config # location of database and configs
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media library + qbittorrent download folder
    expose:
      - 8787/tcp # web ui
    ports:
@ -131,6 +129,32 @@ services:
    #  # Optional part for traefik middlewares
    #  - traefik.http.routers.readarr.middlewares=local-ipwhitelist@file

+  # image used to manage subtitles
+  bazarr:
+    image: lscr.io/linuxserver/bazarr:latest
+    container_name: arr-suite-bazarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/bazarr:/config # location of database and configs
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media library (optional)
+    expose:
+      - 6767/tcp # web ui
+    ports:
+      - 6767:6767/tcp # web ui
+    restart: unless-stopped
+    #networks:
+    #  - proxy
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.docker.network=proxy
+    #  - traefik.http.routers.bazarr.rule=Host(`bazarr.example.com`)
+    #  - traefik.http.services.bazarr.loadbalancer.server.port=6767
+    #  # Optional part for traefik middlewares
+    #  - traefik.http.routers.bazarr.middlewares=local-ipwhitelist@file
+
  # image used to bypass cloudflare for prowlarr
  flaresolverr:
    image: flaresolverr/flaresolverr:latest
@ -157,10 +181,11 @@ services:
    environment:
      # see https://github.com/qdm12/gluetun-wiki for more details
      # example envs based on https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md
-      - VPN_SERVICE_PROVIDER=mullvad # define the vpn provider
-      - VPN_TYPE=wireguard # define the vpn protocol to use
-      - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU= # define your wireguard private key here
-      - WIREGUARD_ADDRESSES=10.64.222.21/32 # define the ipv4 vpn network subnet here
+      - VPN_SERVICE_PROVIDER=${VPN_SERVICE_PROVIDER:-mullvad} # define the vpn provider
+      - VPN_TYPE=${VPN_TYPE:-wireguard} # define the vpn protocol to use
+      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY:?WIREGUARD_PRIVATE_KEY must be set} # define your wireguard private key here
+      - WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES:?WIREGUARD_ADDRESSES must be set} # define the ipv4 vpn network subnet here
+      - SERVER_CITIES=${SERVER_CITIES:?SERVER_CITIES must be set} # define the server cities
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/gluetun:/gluetun
    restart: unless-stopped
@ -184,8 +209,8 @@ services:
      - TZ=Europe/Berlin
      - WEBUI_PORT=8080
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrent:/config
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrent:/config # location of database and configs
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads # location of qbittorrent downloads
    depends_on:
      - gluetun
    network_mode: container:arr-suite-gluetun # use the gluetun container network (vpn killswitch)
@ -200,9 +225,9 @@ services:
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby:/config # emby data storage location; can grow very large
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # media goes here
-      #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby/lib:/opt/vc/lib # optional; path for Raspberry Pi OpenMAX libs
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby:/config # location of database and configs; can grow very large
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # location of media library
+      #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby/lib:/opt/vc/lib # location for Raspberry Pi OpenMAX libs (optional)
    expose:
      - 8096/tcp # http web ui
      - 8920/tcp # https web ui
@ -234,9 +259,9 @@ services:
  #    - PGID=1000
  #    - TZ=Europe/Berlin
  #  volumes:
-  #    - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin:/config # emby data storage location; can grow very large
-  #    - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # media goes here
-  #    #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin/lib:/opt/vc/lib # optional; path for Raspberry Pi OpenMAX libs
+  #    - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin:/config # location of database and configs; can grow very large
+  #    - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # location of media library
+  #    #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin/lib:/opt/vc/lib # location for Raspberry Pi OpenMAX libs (optional)
  #  expose:
  #    - 8096/tcp # http web ui
  #  ports:
--- a/examples/atlassian-jira-confluence/README.md
+++ b/examples/atlassian-jira-confluence/README.md
@ -0,0 +1,14 @@
+# References
+
+- https://atlassian.github.io/data-center-helm-charts/containers/JIRA/
+- https://atlassian.github.io/data-center-helm-charts/containers/CONFLUENCE/
+- https://hub.docker.com/r/atlassian/jira-core
+- https://hub.docker.com/r/atlassian/confluence
+
+# Notes
+
+The Jira Core container requires a database.
+
+The compose stack will spawn up a postgresql database for this. You can configure the database connection from Jira's setup wizard via the HTTP UI.
+
+May use a dedicated `.env` file to provide your custom DB credentials. Ensure to use secure passwords!
--- a/examples/atlassian-jira-confluence/docker-compose.yml
+++ b/examples/atlassian-jira-confluence/docker-compose.yml
@ -0,0 +1,126 @@
+services:
+
+  confluence:
+    image: atlassian/confluence:9.0.3
+    container_name: confluence
+    hostname: confluence
+    restart: unless-stopped
+    environment:
+      # detailed debug messages during the container initialization
+      - VERBOSE_LOGS=false
+      # maximum number of days for access logs to be retained before being deleted
+      - ATL_TOMCAT_ACCESS_LOGS_MAXDAYS=360
+      # The maximum time a user can remain logged-in with remember me feature (in seconds; default 2 weeks).
+      - ATL_AUTOLOGIN_COOKIE_AGE=1209600
+      # The minimum heap size of the JVM
+      - JVM_MINIMUM_MEMORY=1024m
+      # maximum heap size of the JVM
+      - JVM_MAXIMUM_MEMORY=1024m
+      # reserved code cache size of the JVM
+      - JVM_RESERVED_CODE_CACHE_SIZE=256m
+      # reverse proxy setup
+      - ATL_PROXY_NAME=confluence.example.com
+      - ATL_PROXY_PORT=443
+      - ATL_TOMCAT_PORT=8090
+      - ATL_TOMCAT_SCHEME=https
+      - ATL_TOMCAT_SECURE=false
+      # list of trusted reverse proxy ips separated by a pipe character
+      - ATL_TOMCAT_TRUSTEDPROXIES=192.168.0.0/24|10.0.0.0/8|172.16.0.0/16
+    ports:
+      - 8090:8090/tcp
+    expose:
+      - 8090 # http web
+      - 8091 # synchrony api
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/confluence/data:/var/atlassian/application-data/confluence
+    networks:
+      - atlassian-network
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.docker.network=atlassian-network
+    #  - traefik.http.routers.confluence.rule=Host(`confluence.example.com`)
+    #  - traefik.http.services.confluence.loadbalancer.server.port=8090
+    #  # Optional part for file upload max sizes
+    #  - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
+    #  - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
+    #  - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
+    #  - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
+    #  # Optional part for traefik middlewares
+    #  - traefik.http.routers.confluence.middlewares=local-ipwhitelist@file      
+
+  jira:
+    image: atlassian/jira-core:9.9.2
+    container_name: jira
+    hostname: jira
+    restart: unless-stopped
+    environment:
+      # detailed debug messages during the container initialization
+      - VERBOSE_LOGS=false
+      # maximum number of days for access logs to be retained before being deleted
+      - ATL_TOMCAT_ACCESS_LOGS_MAXDAYS=360
+      # The maximum time a user can remain logged-in with remember me feature (in seconds; default 2 weeks)
+      - ATL_AUTOLOGIN_COOKIE_AGE=1209600
+      # The minimum heap size of the JVM
+      - JVM_MINIMUM_MEMORY=1024m
+      # maximum heap size of the JVM
+      - JVM_MAXIMUM_MEMORY=1024m
+      # reserved code cache size of the JVM
+      - JVM_RESERVED_CODE_CACHE_SIZE=256m
+      # reverse proxy setup
+      - ATL_PROXY_NAME=jira.example.com
+      - ATL_PROXY_PORT=443
+      - ATL_TOMCAT_PORT=8090
+      - ATL_TOMCAT_SCHEME=https
+      - ATL_TOMCAT_SECURE=false
+      # list of trusted reverse proxy ips separated by a pipe character
+      - ATL_TOMCAT_TRUSTEDPROXIES=192.168.0.0/24|10.0.0.0/8|172.16.0.0/16
+    depends_on:
+      - postgresql
+    ports:
+      - 8080:8080/tcp
+    expose:
+      - 8080 # http web
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jira/data:/var/atlassian/application-data/jira
+    networks:
+      - atlassian-network
+      - internal-db-network
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.docker.network=atlassian-network
+    #  - traefik.http.routers.jira.rule=Host(`jira.example.com`)
+    #  - traefik.http.services.jira.loadbalancer.server.port=8080
+    #  # Optional part for file upload max sizes
+    #  - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
+    #  - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
+    #  - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
+    #  - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
+    #  # Optional part for traefik middlewares
+    #  - traefik.http.routers.jira.middlewares=local-ipwhitelist@file      
+
+  postgresql:
+    image: docker.io/library/postgres:16-alpine
+    container_name: jira-psql
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    expose:
+      - 5432
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jira/psql:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${PG_PASS:-jira}
+      POSTGRES_USER: ${PG_USER:-jira}
+      POSTGRES_DB: ${PG_DB:-jira}
+    networks:
+      - internal-db-network
+
+networks:
+  atlassian-network:
+    external: true
+  internal-db-network:
+    internal: true
--- a/examples/authelia/docker-compose.yml
+++ b/examples/authelia/docker-compose.yml
@ -1,13 +1,10 @@
-version: '3.3'
-
 services:
+
  authelia:
    image: authelia/authelia
    container_name: authelia
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/config:/config
-    networks:
-      - proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)'  # replace with your domain name
@ -15,11 +12,15 @@ services:
      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com'  # replace with your domain name
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'  # yamllint disable-line rule:line-length
+    ports:
+      - 9091:9091/tcp
    expose:
      - 9091
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
+    #networks:
+    #  - proxy      

  redis:
    image: redis:alpine
@ -27,14 +28,14 @@ services:
    command: redis-server --requirepass SuperSecureRedisAuthPassword # also reflect this in the authelia config file
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/redis:/data
-    networks:
-      - proxy
    expose:
      - 6379
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
+    #networks:
+    #  - proxy

-networks:
-   proxy:
-      external: true
+#networks:
+#   proxy:
+#      external: true
--- a/examples/authentik/.env
+++ b/examples/authentik/.env
@ -1,5 +1,5 @@
 # define the version to use
-AUTHENTIK_VERSION=2024.8
+AUTHENTIK_VERSION=2024.10

 # database credentials
 PG_USER=authentik
--- a/examples/authentik/README.md
+++ b/examples/authentik/README.md
@ -5,10 +5,20 @@

 # Notes

-After spawning up this Authentik stack, you will be greeted by Authentik's login dashboard. However, you have to onboard an admin user first. 
+Adjust the `.env` file with your private secrets and spawn up the stack:
+
+````
+docker compose up -d
+````
+
+After spawning up the Authentik stack, you will be greeted by Authentik's login dashboard. However, you have to onboard an admin user first. 

 This is done by visiting the following URL: 

 ````
-http(s)://<myserver>/if/flow/initial-setup/
+# with TLS reverse proxy
+https://<hostname>/if/flow/initial-setup/
+
+# without TLS reverse proxy
+https://<hostname>:9000/if/flow/initial-setup/
 ````
--- a/examples/authentik/docker-compose.yml
+++ b/examples/authentik/docker-compose.yml
@ -1,5 +1,3 @@
-version: "3.4"
-
 services:

  postgresql:
@ -40,7 +38,7 @@ services:
      - authentik-internal

  authentik-proxy:
-    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.8}
+    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.10}
    container_name: authentik
    restart: unless-stopped
    command: server
@ -54,6 +52,9 @@ services:
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/media:/media
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/custom-templates:/templates
+    ports:
+      - 9000:9000/tcp # http
+      - 9443:9443/tcp # https
    expose:
      - 9000
      - 9443
@ -65,17 +66,17 @@ services:
    networks:
      - proxy
      - authentik-internal
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.authentik.rule=Host(`authentik.example.com`) || HostRegexp(`{subdomain:[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?}.example.com`) && PathPrefix(`/outpost.goauthentik.io/`)
-      - traefik.http.services.authentik.loadbalancer.server.port=9000
-      - traefik.docker.network=proxy
-      - traefik.http.middlewares.authentik.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik
-      - traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true
-      - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.authentik.rule=Host(`authentik.example.com`) || HostRegexp(`{subdomain:[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?}.example.com`) && PathPrefix(`/outpost.goauthentik.io/`)
+    #  - traefik.http.services.authentik.loadbalancer.server.port=9000
+    #  - traefik.docker.network=proxy
+    #  - traefik.http.middlewares.authentik.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik
+    #  - traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true
+    #  - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version

  worker:
-    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.8}
+    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.10}
    container_name: authentik-worker
    restart: unless-stopped
    command: worker
@ -97,10 +98,11 @@ services:
      - postgresql
      - redis
    networks:
+      - proxy
      - authentik-internal

 networks:
  proxy:
    external: true
  authentik-internal:
-    external: true
+    internal: true
--- a/examples/bibliogram/README.md
+++ b/examples/bibliogram/README.md
@ -1,4 +0,0 @@
-# References
-
- https://hub.docker.com/r/schklom/bibliogram
- https://git.sr.ht/~cadence/bibliogram-docs/tree/master/docs/Configuring.md#files
--- a/examples/bibliogram/config.js
+++ b/examples/bibliogram/config.js
@ -1,3 +0,0 @@
-module.exports = {
-    website_origin: "https://mydomain.net"
-}
--- a/examples/bibliogram/docker-compose.yml
+++ b/examples/bibliogram/docker-compose.yml
@ -1,23 +0,0 @@
-version: '3.4'
-services:
-  bibliogram:
-    image: schklom/bibliogram
-    container_name: bibliogram
-    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bibliogram/config.js:/app/config.js:ro
-    ports:
-      - 10407:10407
-    restart: unless-stopped
-    #networks:
-    #  - proxy
-    #labels:
-    #  - traefik.enable=true
-    #  - traefik.docker.network=proxy
-    #  - traefik.http.routers.bibliogram.rule=Host(`bibliogram.example.com`)
-    #  - traefik.http.services.bibliogram.loadbalancer.server.port=10407
-    #  # Optional part for traefik middlewares
-    #  - traefik.http.routers.bibliogram.middlewares=local-ipwhitelist@file,authelia@docker
-
-#networks:
-#  proxy:
-#    external: true  
--- a/examples/bitwarden/docker-compose.yml
+++ b/examples/bitwarden/docker-compose.yml
@ -1,6 +1,5 @@
-version: "3.8"
-
 services:
+
  bitwarden:
    image: bitwarden/self-host:2024.8.0-beta
    container_name: bitwarden_unified
--- a/examples/bookstack/docker-compose.yml
+++ b/examples/bookstack/docker-compose.yml
@ -1,6 +1,5 @@
-version: "3"
-
 services:
+
  bookstack:
    image: linuxserver/bookstack
    container_name: bookstack
@ -18,6 +17,8 @@ services:
    restart: unless-stopped
    ports:
      - 8099:80
+    expose:
+      - 80
    depends_on:
      - bookstack_db
    #networks:
@ -47,6 +48,8 @@ services:
      - MYSQL_DATABASE=bookstackapp
      - MYSQL_USER=bookstack
      - MYSQL_PASSWORD=USERPW1
+    expose:
+      - 3306
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bookstack/mariadb-config:/config
    restart: unless-stopped
--- a/examples/caddy/docker-compose.yml
+++ b/examples/caddy/docker-compose.yml
@ -1,5 +1,5 @@
-version: "3.7"
 services:
+
  caddy:
    image: caddy:latest
    container_name: caddy
@ -9,6 +9,9 @@ services:
    ports:
      - "80:80"
      - "443:443"
+    expose:
+      - 80 # http
+      - 443 # https
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/caddy/CaddyFile:/etc/caddy/Caddyfile
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/caddy/data:/data
--- a/examples/changedetection/docker-compose.yml
+++ b/examples/changedetection/docker-compose.yml
@ -1,5 +1,5 @@
-version: "2.1"
 services:
+
  changedetection:
    image: lscr.io/linuxserver/changedetection.io:latest
    container_name: changedetection
@ -11,6 +11,8 @@ services:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/changedetection/config:/config
    ports:
      - 5000:5000
+    expose:
+      - 5000
    restart: unless-stopped
    #networks:
    #  - proxy
--- a/examples/chevereto/README.md
+++ b/examples/chevereto/README.md
@ -24,7 +24,7 @@ docker exec -it chevereto bash
 # fixing permissions to www-data
 mkdir -p /var/www/html/images/_assets
 chown -R www-data:www-data /var/www/html/images/*
-chmod -R 777 /var/www/html/images/*
+chmod -R 775 /var/www/html/images/*
 ````
 No container restart necessary. The web application should now work flawlessly.

--- a/examples/chevereto/docker-compose.yml
+++ b/examples/chevereto/docker-compose.yml
@ -1,8 +1,7 @@
-version: "3.7"
-
 services:
+
  chevereto:
-    image: ghcr.io/chevereto/chevereto:4.0
+    image: ghcr.io/chevereto/chevereto:4.1
    container_name: chevereto
    init: true
    restart: unless-stopped
@ -40,6 +39,8 @@ services:
    container_name: chevereto_mariadb
    restart: unless-stopped
    init: true
+    expose:
+      - 3306
    environment:
      MYSQL_DATABASE: chevereto
      MYSQL_USER: chevereto
--- a/examples/cloudflare-ddns/docker-compose.yml
+++ b/examples/cloudflare-ddns/docker-compose.yml
@ -1,5 +1,5 @@
-version: "3"
 services:
+
  cloudflare-ddns:
    image: favonia/cloudflare-ddns:latest
    container_name: cloudflare-ddns
--- a/examples/code-server/docker-compose.yml
+++ b/examples/code-server/docker-compose.yml
@ -1,5 +1,3 @@
-version: "2.1"
-
 services:

  code-server:
@ -18,6 +16,8 @@ services:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vscode/config:/config
    ports:
      - 8443:8443
+    expose:
+      - 8443
    restart: unless-stopped
    #networks:
    #  - proxy
--- a/examples/crowdsec/README.md
+++ b/examples/crowdsec/README.md
@ -0,0 +1,6 @@
+# References
+- https://github.com/crowdsecurity/crowdsec
+- https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
+- https://app.crowdsec.net/hub/collections
+- https://blog.lrvt.de/configuring-crowdsec-with-traefik/
+- https://www.reddit.com/r/selfhosted/comments/1dcn19v/standing_up_the_crowdsec_bouncer_plugin_in_traefik/
--- a/examples/crowdsec/docker-compose.yml
+++ b/examples/crowdsec/docker-compose.yml
@ -0,0 +1,34 @@
+services:
+
+  crowdsec:
+    image: crowdsecurity/crowdsec:v1.6.4
+    container_name: crowdsec
+    restart: unless-stopped
+    ports:
+      - 127.0.0.1:9876:8080 # http api for local fw bouncers
+      - 127.0.0.1:6060:6060 # metrics endpoint for prometheus
+    expose:
+      - 8080 # http api for bouncers
+      - 6060 # metrics endpoint for prometheus
+      - 7422 # appsec waf endpoint
+    volumes:
+      # crowdsec container data
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/crowdsec/data:/var/lib/crowdsec/data
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/crowdsec/etc:/etc/crowdsec
+      # log bind mounts into crowdsec
+      - /var/log/auth.log:/var/log/auth.log:ro
+      - /var/log/syslog:/var/log/syslog:ro
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik:ro
+    environment:
+      - GID=1000
+      - COLLECTIONS=crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/base-http-scenarios crowdsecurity/sshd crowdsecurity/linux crowdsecurity/appsec-crs crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching
+      #- BOUNCER_KEY_<NAME>=${CROWDSEC-BOUNCER-API-TOKEN:-FIXME-LAPI-KEY} # pre-supply a bouncer with api key
+      #- CUSTOM_HOSTNAME=crowdsec-host123
+    #security_opt:
+    #  - no-new-privileges=true      
+    #networks:
+    #  - proxy
+
+#networks:
+#  proxy:
+#    external: true
--- a/examples/cs2-dedicated-server/docker-compose.yml
+++ b/examples/cs2-dedicated-server/docker-compose.yml
@ -1,5 +1,3 @@
-version: '3.7'
-
 services:

  cs2-server:
--- a/examples/dashy/docker-compose.yml
+++ b/examples/dashy/docker-compose.yml
@ -1,10 +1,9 @@
---
-version: "3.8"
 services:
+
  dashy:
+    image: lissy93/dashy    
    container_name: dashy
    hostname: dashy
-    image: lissy93/dashy
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/dashy/config/config.yml:/app/public/conf.yml
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/dashy/icons:/app/public/item-icons
@ -14,7 +13,9 @@ services:
      - GID=1000
    restart: unless-stopped
    ports:
-      - 4000:80    
+      - 4000:80
+    expose:
+      - 80
    healthcheck:
      test: ['CMD', 'node', '/app/services/healthcheck']
      interval: 1m30s
--- a/examples/deemix/docker-compose.yml
+++ b/examples/deemix/docker-compose.yml
@ -1,13 +1,12 @@
-version: "3"
-
 services:
+
  deemix:
+    image: registry.gitlab.com/bockiii/deemix-docker:latest    
    container_name: deemix
+    hostname: deemix    
    environment:
      - PUID=1000
      - PGID=1000
-    hostname: deemix
-    image: registry.gitlab.com/bockiii/deemix-docker:latest
    restart: unless-stopped
    ports:
      - 6595:6595
--- a/examples/docmost/docker-compose.yml
+++ b/examples/docmost/docker-compose.yml
@ -1,9 +1,7 @@
-version: '3'
-
 services:

  docmost:
-    image: docmost/docmost:0.2.10
+    image: docmost/docmost:0.5
    container_name: docmost
    depends_on:
      - db
@ -53,6 +51,8 @@ services:
      - POSTGRES_USER=docmost
      - POSTGRES_PASSWORD=STRONG_DB_PASSWORD
    restart: unless-stopped
+    expose:
+      - 5432
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docmost/database:/var/lib/postgresql/data
    #networks:
@ -62,6 +62,8 @@ services:
    image: redis:7.2-alpine
    container_name: docmost-redis
    restart: unless-stopped
+    expose:
+      - 6379
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docmost/redis:/data
    #networks:
--- a/examples/docuseal/docker-compose.yml
+++ b/examples/docuseal/docker-compose.yml
@ -1,5 +1,3 @@
-version: '3'
-
 services:

  app:
@ -28,7 +26,7 @@ services:
    #  - traefik.http.routers.docuseal.middlewares=local-ipwhitelist@file,authelia@docker

  postgres:
-    image: postgres:15-alpine
+    image: postgres:16-alpine
    container_name: docuseal-db
    restart: unless-stopped
    environment:
--- a/examples/domainmod/docker-compose.yml
+++ b/examples/domainmod/docker-compose.yml
@ -1,6 +1,5 @@
---
-version: '3.7'
 services:
+
  app:
    image: domainmod/domainmod:latest
    container_name: domainmod_app
@ -20,6 +19,8 @@ services:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/domainmod/app:/var/www/html
    ports:
      - 8080:80
+    expose:
+      - 80
    restart: unless-stopped

  db:
--- a/examples/drone/docker-compose.yml
+++ b/examples/drone/docker-compose.yml
@ -1,6 +1,5 @@
-version: "3.7"
-
 services:
+
  drone-server:
    image: drone/drone:latest
    container_name: drone-server
@ -26,15 +25,15 @@ services:
      - DRONE_AGENTS_ENABLED=true
      - DRONE_GITEA_CLIENT_ID=XXX-XXX # change this to your client ID from Gitea; see https://docs.drone.io/server/provider/gitea/
      - DRONE_GITEA_CLIENT_SECRET=XXX-XXX # change this to your client secret from Gitea; see https://docs.drone.io/server/provider/gitea/
-    networks:
-      - proxy
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.drone-server.rule=Host(`drone.domain.tld`)
-      - traefik.http.services.drone-server.loadbalancer.server.port=80
-      - traefik.docker.network=proxy
-      # Part for local lan services only; disable to expose externally
-      - traefik.http.routers.drone-server.middlewares=local-ipwhitelist@file
+    #networks:
+    #  - proxy
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.drone-server.rule=Host(`drone.domain.tld`)
+    #  - traefik.http.services.drone-server.loadbalancer.server.port=80
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only; disable to expose externally
+    #  - traefik.http.routers.drone-server.middlewares=local-ipwhitelist@file

  drone-agent:
    image: drone/agent:1.2.1
@ -47,9 +46,9 @@ services:
      - DRONE_RPC_SERVER=http://drone-server:80
      - DRONE_RPC_SECRET=8aff725d2e16ef31fbc42
      - DRONE_RUNNER_CAPACITY=2
-    networks:
-      - proxy
+    #networks:
+    #  - proxy

-networks:
-  proxy:
-    external: true
+#networks:
+#  proxy:
+#    external: true
--- a/examples/droppy/README.md
+++ b/examples/droppy/README.md
@ -1,3 +0,0 @@
-# References
-
- https://github.com/silverwind/droppy (deprecated)
--- a/examples/droppy/docker-compose-deprecated.yml
+++ b/examples/droppy/docker-compose-deprecated.yml
@ -1,16 +0,0 @@
-version: '2'
-
-services:
-  droppy:
-    container_name: droppy
-    image: silverwind/droppy
-    ports:
-      - 8989:8989
-    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/droppy/config:/config
-      - /path/to/my/data/for/sharing:/files # path to shared files
-    environment:
-      - UID=1000
-      - GID=1000
-      - TZ="Europe/Berlin"
-    restart: unless-stopped
--- a/examples/duplicacy/docker-compose.yml
+++ b/examples/duplicacy/docker-compose.yml
@ -1,11 +1,9 @@
---
-version: '3.7'
-
 services:
+
  duplicacy-web:
+    image: saspus/duplicacy-web:mini    
    container_name: duplicacy-web
    hostname: myhost # pls adjust
-    image: saspus/duplicacy-web:mini
    environment:
      - USR_ID=1000 # user account id on the system
      - GRP_ID=1000 # group id on the system
@ -13,6 +11,8 @@ services:
      - DUPLICACY_WEB_VERSION=latest
    ports:
      - "3875:3875/tcp"
+    expose:
+      - 3875
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicacy-web/config:/config
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicacy-web/logs:/logs
--- a/examples/duplicati/docker-compose.yml
+++ b/examples/duplicati/docker-compose.yml
@ -1,18 +1,26 @@
-version: "3"
-
 services:
+
  duplicati:
+    image: linuxserver/duplicati:latest
    container_name: duplicati
+    hostname: duplicati
    entrypoint:
      - /init
    ports:
      - 8200:8200 # MGMT UI
+    expose:
+      - 8200
    environment:
      - PUID=0
      - PGID=1000
      - TZ=Europe/Berlin
-    hostname: duplicati
-    image: linuxserver/duplicati:latest
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/backups:/backups
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/config:/config
+      - /path/to/my/data/to/backup:/source # change this
+    #networks:
+    #  - proxy
    #labels:
    #  - com.centurylinklabs.watchtower.enable=false
    #  - traefik.enable=true
@ -21,8 +29,8 @@ services:
    #  - traefik.docker.network=proxy
    #  # Part for local lan services only
    #  - traefik.http.routers.duplicati.middlewares=local-ipwhitelist@file
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/backups:/backups
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/config:/config
-      - /path/to/my/data/to/backup:/source # change this
+
+#networks:
+#  proxy:
+#     external: true
+    
--- a/examples/evershop/docker-compose.yml
+++ b/examples/evershop/docker-compose.yml
@ -1,5 +1,3 @@
-version: '3.8'
-
 services:

  app:
@ -29,7 +27,7 @@ services:
    #  - traefik.http.routers.evershop.middlewares=local-ipwhitelist@file,authelia@docker 

  database:
-    image: postgres:16
+    image: postgres:16-alpine
    container_name: evershop-db
    restart: unless-stopped
    volumes:
--- a/examples/excalidraw/docker-compose.yml
+++ b/examples/excalidraw/docker-compose.yml
@ -1,17 +1,18 @@
-version: "3.8"
-
 services:
+
  excalidraw:
-    container_name: excalidraw
    image: excalidraw/excalidraw:latest
-    ports:
-      - "3000:80"
+    container_name: excalidraw
    restart: unless-stopped
    stdin_open: true
    healthcheck:
      disable: true
    environment:
      - NODE_ENV=production
+    ports:
+      - "3000:80"
+    expose:
+      - 80      
    #networks:
    #  - proxy
    #volumes:
--- a/examples/fail2ban/docker-compose.yml
+++ b/examples/fail2ban/docker-compose.yml
@ -1,18 +1,17 @@
-version: "3"
-
 services:
+
  fail2ban:
+    image: crazymax/fail2ban:latest
    container_name: fail2ban
+    restart: unless-stopped
+    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - TZ=Europe/Berlin
      - F2B_DB_PURGE_AGE=14d
-    image: crazymax/fail2ban:latest
-    network_mode: host
-    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/fail2Ban/data:/data
      - /path/to/my/logs/to/monitor:/var/log
-      #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik
+      #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik
--- a/examples/filebrowser/docker-compose.yml
+++ b/examples/filebrowser/docker-compose.yml
@ -1,15 +1,16 @@
-version: "3"
-
 services:
+
  filebrowser:
    image: hurlenko/filebrowser
    container_name: filebrowser
+    restart: unless-stopped    
    user: 1000:1000 # adjust to your needs
+    environment:
+      - FB_BASEURL=/filebrowser    
    ports:
      - 8080:8080
+    expose:
+      - 8080
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filebrowser/data:/data
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filebrowser/config:/config
-    environment:
-      - FB_BASEURL=/filebrowser
-    restart: unless-stopped
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filebrowser/config:/config
--- a/examples/filerun/docker-compose.yml
+++ b/examples/filerun/docker-compose.yml
@ -1,19 +1,20 @@
-version: '2'
-
 services:
+
  db:
-    image: mariadb:10.1
+    image: mariadb:11.5
    container_name: filerun-db
    environment:
      - MYSQL_ROOT_PASSWORD=your_mysql_root_password
      - MYSQL_USER=your_filerun_username
      - MYSQL_PASSWORD=your_filerun_password
      - MYSQL_DATABASE=your_filerun_database
+    expose:
+      - 3306
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/db:/var/lib/mysql

  filerun:
-    image: filerun/filerun
+    image: filerun/filerun:latest
    container_name: filerun
    environment:
      - FR_DB_HOST=db
@ -27,6 +28,8 @@ services:
      - db:db
    ports:
      - 8080:80
+    expose:
+      - 80
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/html:/var/www/html
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/files:/user-files
--- a/examples/firefly/docker-compose.yml
+++ b/examples/firefly/docker-compose.yml
@ -1,6 +1,5 @@
-version: '3.3'
-
 services:
+
  app:
    image: fireflyiii/core:latest
    container_name: firefly
@ -10,11 +9,13 @@ services:
    env_file: .env
    ports:
      - 80:8080
+    expose:
+      - 8080
    depends_on:
      - db
  
  db:
-    image: mariadb    
+    image: mariadb:11.5
    container_name: firefly-db
    restart: unless-stopped
    environment:
@ -23,4 +24,4 @@ services:
      - MYSQL_PASSWORD=MySecretDatabasePassword # if changed --> also update in .env file
      - MYSQL_DATABASE=firefly
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefly/mysql:/var/lib/mysql
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefly/mysql:/var/lib/mysql
--- a/examples/firefox/docker-compose.yml
+++ b/examples/firefox/docker-compose.yml
@ -1,6 +1,5 @@
-version: "3.3"
-
 services:
+
  firefox:
    image: lscr.io/linuxserver/firefox:latest
    container_name: firefox
@ -16,6 +15,8 @@ services:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefox/config:/config
    ports:
      - 3210:3000
+    expose:
+      - 3000
    #networks:
    #  - proxy
    #labels:
--- a/examples/firezone/README.md
+++ b/examples/firezone/README.md
@ -9,7 +9,7 @@
 > It undergoes a complete redesign (zero-knowledge, cloud) for v1.0 and won't provide any updates for the v0.7 (legacy) branch anymore. More information can be found [here](https://www.firezone.dev/blog/firezone-1-0).

 > [!TIP]
-> A new fork (l4rm4nd/fireabend) tries to fix outdated dependencies and keep the software alive.
+> A new fork (l4rm4nd/firezone) tries to fix outdated dependencies and keep the software alive.
 >
 > The fork starts with a new v7.0.0 release version and tag.

--- a/examples/firezone/docker-compose.yml
+++ b/examples/firezone/docker-compose.yml
@ -6,8 +6,6 @@ x-deploy: &default-deploy
  update_config:
    order: start-first

-version: "3.7"
-
 services:

  firezone:
@ -54,6 +52,8 @@ services:
  postgres:
    image: postgres:15-alpine
    container_name: firezone-db
+    expose:
+      - 5432
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone/db:/var/lib/postgresql/data
    environment:
--- a/examples/flame/docker-compose.yml
+++ b/examples/flame/docker-compose.yml
@ -1,6 +1,5 @@
-version: '3.6'
-
 services:
+
  flame:
    image: pawelmalak/flame
    container_name: flame
@ -9,6 +8,8 @@ services:
      #- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
    ports:
      - 5005:5005
+    expose:
+      - 5005
    environment:
      - PASSWORD=MyStrongLoginPassword
    restart: unless-stopped
--- a/examples/flaresolverr/docker-compose.yml
+++ b/examples/flaresolverr/docker-compose.yml
@ -1,14 +1,15 @@
-version: '3.3'
-
 services:
-    flaresolverr:
-        image: ghcr.io/flaresolverr/flaresolverr:latest
-        container_name: flaresolverr
-        ports:
-            - 8191:8191
-        environment:
-            - LOG_LEVEL=${LOG_LEVEL:-info}
-            - LOG_HTML=${LOG_HTML:-false}
-            - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
-            - TZ=Europe/Berlin
-        restart: unless-stopped
+
+  flaresolverr:
+    image: ghcr.io/flaresolverr/flaresolverr:latest
+    container_name: flaresolverr
+    restart: unless-stopped
+    ports:
+      - 8191:8191/tcp
+    expose:
+      - 8191
+    environment:
+      - LOG_LEVEL=${LOG_LEVEL:-info}
+      - LOG_HTML=${LOG_HTML:-false}
+      - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
+      - TZ=Europe/Berlin
--- a/examples/forte/docker-compose.yml
+++ b/examples/forte/docker-compose.yml
@ -1,12 +1,13 @@
-version: '3'
-
 services:
+
    app:
        image: kaangiray26/forte:4.3
        container_name: forte
        restart: on-failure
        ports:
            - 3000:3000
+        expose:
+            - 3000
        depends_on:
            postgres:
                condition: service_healthy
@ -40,6 +41,8 @@ services:
        image: kaangiray26/postgres:2.0
        container_name: forte-db
        restart: always
+        expose:
+            - 5432
        environment:
            POSTGRES_DB: forte       # Set Postgres Database Name
            POSTGRES_USER: forte     # Set Postgres Username
--- a/examples/ghost/docker-compose-rpi-arm.yml
+++ b/examples/ghost/docker-compose-rpi-arm.yml
@ -1,12 +1,13 @@
-version: '3.3'
-
 services:
+
  blog:
    image: ghost:5
    container_name: ghost
    restart: always
    ports:
      - 8080:2368
+    expose:
+      - 2368
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ghost/content:/var/lib/ghost/content
    environment:
@ -28,6 +29,7 @@ services:
  database:
    image: linuxserver/mariadb
    container_name: ghost-db
+    restart: unless-stopped    
    environment:
      - PUID=1000
      - PGID=1000
@ -36,6 +38,7 @@ services:
      - MYSQL_DATABASE=${DB_NAME:-ghost}
      - MYSQL_USER=${DB_USER:-ghost}
      - MYSQL_PASSWORD=${DB_USER_PASS:-DatabasePassword1234}
+    expose:
+      - 3306
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ghost/mariadb/config:/config
-    restart: unless-stopped
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ghost/mariadb/config:/config
--- a/examples/ghost/docker-compose.yml
+++ b/examples/ghost/docker-compose.yml
@ -1,5 +1,3 @@
-version: '3.3'
-
 services:

  blog:
--- a/examples/gitea/docker-compose.yml
+++ b/examples/gitea/docker-compose.yml
@ -1,8 +1,9 @@
-version: "3"
-
 services:
+
  gitea:
+    image: gitea/gitea:latest    
    container_name: gitea
+    restart: unless-stopped    
    environment:
      - USER_UID=1000
      - USER_GID=1000
@ -10,8 +11,9 @@ services:
    ports:
      - 3000:3000 #webgui
      - 2222:22 #ssh
-    image: gitea/gitea:latest
-    restart: unless-stopped
+    expose:
+      - 3000
+      - 22
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitea/data:/data
    #networks:
--- a/examples/gitlab/docker-compose.yml
+++ b/examples/gitlab/docker-compose.yml
@ -1,9 +1,9 @@
-version: '3.7'
 services:
+
  gitlab-ce:
    image: gitlab/gitlab-ce:latest
+    container_name: gitlab-ce    
    restart: unless-stopped
-    container_name: gitlab-ce
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.example.com' # please adjust
@ -11,6 +11,10 @@ services:
      - 8033:80 # HTTP
      - 8434:443 # HTTPS
      - 2222:22 # SSH
+    expose:
+      - 80
+      - 443
+      - 22
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitlab/config:/etc/gitlab
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitlab/logs:/var/log/gitlab
--- a/examples/gokapi/docker-compose.yml
+++ b/examples/gokapi/docker-compose.yml
@ -1,12 +1,13 @@
-version: "3.7"
-
 services:
+
  gokapi:
    image: f0rc3/gokapi:latest
    container_name: gokapi
    restart: unless-stopped
    ports:
      - 53842:53842
+    expose:
+      - 53842
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gokapi/data:/app/data
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gokapi/config:/app/config
--- a/examples/grafana-monitoring/docker-compose.yml
+++ b/examples/grafana-monitoring/docker-compose.yml
@ -1,15 +1,15 @@
-version: "2"
-
 services:

  loki:
-    image: grafana/loki:2.9.9
+    image: grafana/loki:2.9.10
+    container_name: loki    
    hostname: loki
-    container_name: loki
    volumes:
      - ./volume-data/loki:/etc/loki # place loki-config.yml
    ports:
      - "127.0.0.1:3100:3100"
+    expose:
+      - 3100
    restart: unless-stopped
    user: 1000:1000
    command: -config.file=/etc/loki/loki-config.yml  
@ -19,9 +19,9 @@ services:
  promtail:
    image: grafana/promtail:latest
    container_name: promtail
+    hostname: promtail    
    depends_on:
      - loki
-    hostname: promtail
    volumes:
      - /var/log:/var/log:ro # let promtail access the docker host's log files
      - ./volume-data/promtail:/etc/promtail # place promtail-config.yml
@ -32,7 +32,7 @@ services:
    #  - monitoring_default

  influxdb:
-    image: influxdb:1.8.10
+    image: influxdb:1.8
    container_name: influxdb
    hostname: influxdb
    restart: unless-stopped
@ -48,10 +48,10 @@ services:

  telegraf:
    image: telegraf:latest
+    container_name: telegraf
+    hostname: telegraf    
    restart: unless-stopped
    user: telegraf:$(stat -c '%g' /var/run/docker.sock) # see: https://www.influxdata.com/blog/docker-run-telegraf-as-non-root/
-    container_name: telegraf
-    hostname: telegraf
    dns:
      - 1.1.1.1
      - 8.8.8.8
@ -74,21 +74,23 @@ services:
    #  - monitoring_default

  grafana:
+    image: grafana/grafana:latest    
    container_name: grafana
    hostname: grafana
+    restart: unless-stopped    
    user: 1000:1000
    depends_on:
      - influxdb
      - loki
      - promtail
-    image: grafana/grafana:latest
-    restart: unless-stopped
-    #environment:
-    #  - GF_SERVER_ROOT_URL=https://grafana.example.com # optional
+    environment:
+      - GF_SERVER_ROOT_URL=https://grafana.example.com # pls change this
    volumes:
      - ./volume-data/grafana:/var/lib/grafana
    ports:
      - 3000:3000
+    expose:
+      - 3000
    #networks:
    #  - monitoring_default
    #labels:
@ -99,6 +101,17 @@ services:
    #  # Part for local lan services only
    #  - traefik.http.routers.grafana.middlewares=local-ipwhitelist@file

+  #prometheus:
+  #  image: prom/prometheus
+  #  container_name: prometheus
+  #  restart: unless-stopped
+  #  expose:
+  #    - 9090
+  #  volumes:
+  #    - ./volume-data/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+  #  #networks:
+  #  #  - monitoring_default
+
 #networks:
 #  monitoring_default:
 #   external: true
--- a/examples/grafana-monitoring/volume-data/prometheus/prometheus.yml
+++ b/examples/grafana-monitoring/volume-data/prometheus/prometheus.yml
@ -0,0 +1,17 @@
+
+# my global config
+global:
+  scrape_interval: 15s
+  evaluation_interval: 30s
+  body_size_limit: 15MB
+  sample_limit: 1500
+  target_limit: 30
+  label_limit: 30
+  label_name_length_limit: 200
+  label_value_length_limit: 200
+  # scrape_timeout is set to the global default (10s).
+
+scrape_configs:
+  - job_name: crowdsec_myMachine
+    static_configs:
+      - targets: ["crowdsec:6060"]
--- a/examples/gramps/docker-compose.yml
+++ b/examples/gramps/docker-compose.yml
@ -1,5 +1,3 @@
-version: "3.7"
-
 services:

  grampsweb:
--- a/examples/greenbone/docker-compose.yml
+++ b/examples/greenbone/docker-compose.yml
@ -1,7 +1,9 @@
-version: "3"
 services:
+
    gvm:
        image: securecompliance/gvm
+        container_name: gvm
+        restart: unless-stopped        
        volumes:
          - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/greenbone/database:/opt/database
          - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/greenbone/gvm:/var/lib/gvm
@ -20,4 +22,7 @@ services:
          - "9392:9392"  # Web interface
          #- "5432:5432" # Access PostgreSQL database from external tools
          #- "2222:22"   # SSH for remote sensors
-        restart: unless-stopped
+        expose:
+          - 9392
+          - 5432
+          - 22
--- a/examples/guacamole/docker-compose.yml
+++ b/examples/guacamole/docker-compose.yml
@ -1,5 +1,3 @@
-version: '2.0'
-
 services:

  guacd:
@ -13,9 +11,11 @@ services:
    #  - proxy

  postgres:
-    image: postgres:15.2-alpine
+    image: postgres:16-alpine
    container_name: guacamole-db
    restart: always
+    expose:
+      - 5432
    environment:
      - PGDATA=/var/lib/postgresql/data/guacamole
      - POSTGRES_DB=guacamole_db
@ -27,7 +27,6 @@ services:
    #networks:
    #  - proxy

-  # guacamole
  guacamole:
    image: guacamole/guacamole
    container_name: guacamole-ui
--- a/examples/headscale/docker-compose.yml
+++ b/examples/headscale/docker-compose.yml
@ -1,10 +1,9 @@
-version: '3.9'
-
 services:
+
  headscale:
    image: headscale/headscale:0.22
+    container_name: headscale    
    pull_policy: always
-    container_name: headscale
    restart: unless-stopped
    command: headscale serve
    expose:
@ -26,8 +25,8 @@ services:
      
  headscale-ui:
    image: ghcr.io/gurucomputing/headscale-ui:latest
+    container_name: headscale-ui    
    pull_policy: always
-    container_name: headscale-ui
    networks:
      - proxy
    restart: unless-stopped
--- a/examples/hedgedoc/docker-compose.yml
+++ b/examples/hedgedoc/docker-compose.yml
@ -1,23 +1,24 @@
-version: '3'
-
 services:

  database:
-    image: postgres:13.4-alpine
+    image: postgres:16-alpine
    container_name: hedgedoc-db
+    restart: always    
+    expose:
+      - 5432
    environment:
      - POSTGRES_USER=hedgedoc
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=hedgedoc
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hedgedoc/database:/var/lib/postgresql/data
-    restart: always
    #networks:
    #  - proxy

  app:
    image: quay.io/hedgedoc/hedgedoc:1.10.0
    container_name: hedgedoc-app
+    restart: always    
    environment:
      - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
      - CMD_DOMAIN=collab.example.com
@ -45,7 +46,6 @@ services:
      - 3000:3000/tcp
    expose:
      - 3000
-    restart: always
    depends_on:
      - database
    #networks:
--- a/examples/heimdall/docker-compose.yml
+++ b/examples/heimdall/docker-compose.yml
@ -1,6 +1,5 @@
-version: "3"
-
 services:
+
  heimdall:
    image: linuxserver/heimdall:latest  
    container_name: heimdall
@ -11,6 +10,8 @@ services:
      - TZ=Europe/Berlin
    ports:
      - 8099:80
+    expose:
+      - 80
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/heimdall:/config
--- a/examples/hemmelig/docker-compose.yml
+++ b/examples/hemmelig/docker-compose.yml
@ -1,4 +1,5 @@
 services:
+
  hemmelig:
    image: hemmeligapp/hemmelig:latest
    container_name: hemmelig
@ -19,12 +20,16 @@ services:
      - SECRET_MAX_TEXT_SIZE=256          # The max text size for the secret. Is set in kb. i.e. 256 for 256kb
    ports:
      - "3000:3000"
+    expose:
+      - 3000
    restart: always
    stop_grace_period: 1m
    healthcheck:
      test: "wget -O /dev/null localhost:3000 || exit 1"
      timeout: 5s
      retries: 1
+    #networks:
+    #  - proxy
    #labels:
    #  - traefik.enable=true
    #  - traefik.http.routers.hemmelig.rule=Host(`hemmelig.example.com`)
@ -32,3 +37,7 @@ services:
    #  - traefik.docker.network=proxy
    #  # Part for optional traefik middlewares
    #  - traefik.http.routers.hemmelig.middlewares=local-ipwhitelist@file,basic-auth@file  
+
+#networks:
+#  proxy:
+#    external: true
--- a/examples/homarr/docker-compose.yml
+++ b/examples/homarr/docker-compose.yml
@ -1,8 +1,8 @@
-version: '3'
 services:
+
  homarr:
+    image: ghcr.io/ajnart/homarr:latest    
    container_name: homarr
-    image: ghcr.io/ajnart/homarr:latest
    restart: unless-stopped
    environment:
      - PASSWORD=MySecureLoginPassword
@ -12,3 +12,5 @@ services:
      #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homarr/icons:/app/public/icons # optional for custom icons
    ports:
      - '7575:7575'
+    expose:
+      - 7575
--- a/examples/home-assistant/docker-compose.yml
+++ b/examples/home-assistant/docker-compose.yml
@ -1,10 +1,10 @@
---
-version: "2.1"
 services:
+
  homeassistant:
    image: linuxserver/homeassistant:latest
    container_name: homeassistant
    network_mode: host
+    restart: unless-stopped    
    environment:
      - PUID=1000
      - PGID=1000
@ -12,7 +12,6 @@ services:
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homeassistant/config:/config
    #ports:
-    #  - 8123:8123 #optional
+    #  - 8123:8123 # optional of host network is used
    #devices:
-    #  - /path/to/device:/path/to/device #optional
-    restart: unless-stopped
+    #  - /path/to/device:/path/to/device #optional
--- a/examples/homepage/docker-compose.yml
+++ b/examples/homepage/docker-compose.yml
@ -1,18 +1,22 @@
-version: "3.3"
 services:
+
  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    restart: unless-stopped
    ports:
      - 3000:3000
+    expose:
+      - 3000
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
+      #- /var/run/docker.sock:/var/run/docker.sock:ro # (optional) For docker integrations      
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homepage/config:/app/config # Make sure your local config directory exists
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homepage/icons:/app/public/icons
-    #  - /var/run/docker.sock:/var/run/docker.sock:ro # (optional) For docker integrations
+    #networks:
+    #  - proxy
    #labels:
    #  - traefik.enable=true
    #  - traefik.http.routers.homepage.rule=Host(`home.example.com`)
@ -20,3 +24,7 @@ services:
    #  - traefik.docker.network=proxy
    #  # Part for local lan services only
    #  - traefik.http.routers.homepage.middlewares=local-ipwhitelist@file
+
+#networks:
+#  proxy:
+#    external: true
--- a/examples/homer/docker-compose.yml
+++ b/examples/homer/docker-compose.yml
@ -1,6 +1,5 @@
-version: '3.6'
-
 services:
+
  homer:
    image: b4bz/homer:latest
    container_name: homer
@ -8,6 +7,8 @@ services:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homer:/www/assets
    ports:
      - "8080:8080"
+    expose:
+      - 8080
    restart: unless-stopped
    environment:
      - UID=1000
--- a/examples/immich/.env
+++ b/examples/immich/.env
@ -1,5 +1,5 @@
 # Versioning
-IMMICH_VERSION=v1.115.0
+IMMICH_VERSION=v1.123.0

 # Database
 DB_HOSTNAME=immich-database
@ -13,6 +13,3 @@ REDIS_HOSTNAME=immich-redis

 # Upload File Config
 UPLOAD_LOCATION=/mnt/docker-volumes/immich/uploads # change this
-
-# JWT SECRET
-JWT_SECRET=9C9E6EE5B56F137D2123123123123 # change this to a secure random secret
--- a/examples/immich/docker-compose.yml
+++ b/examples/immich/docker-compose.yml
@ -1,9 +1,8 @@
-version: "3.8"
-
 services:
+
  immich-server:
-    container_name: immich-server
    image: altran1502/immich-server:${IMMICH_VERSION:-release}
+    container_name: immich-server    
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
@ -12,9 +11,9 @@ services:
    environment:
      - NODE_ENV=production
    ports:
-      - 2283:3001
+      - 2283:2283
    expose:
-      - 3001
+      - 2283
    depends_on:
      - immich-redis
      - immich-database
@ -24,7 +23,7 @@ services:
    #labels:
    #  - traefik.enable=false
    #  - traefik.http.routers.immich.rule=Host(`immich.example.com`)
-    #  - traefik.http.services.immich.loadbalancer.server.port=3001
+    #  - traefik.http.services.immich.loadbalancer.server.port=2283
    #  - traefik.docker.network=proxy
    #  # Optional part for file upload max sizes
    #  - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5000000000 # optional, only necessary for file uploads; allow 5000MB
@ -52,8 +51,8 @@ services:
    #  - proxy

  immich-redis:
+    image: redis:6.2-alpine    
    container_name: immich-redis
-    image: redis:6.2-alpine
    restart: unless-stopped
    #labels:
    #  - "com.centurylinklabs.watchtower.enable=true"
@ -61,8 +60,8 @@ services:
    #  - proxy

  immich-database:
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0    
    container_name: immich-database
-    image: tensorchord/pgvecto-rs:pg14-v0.2.0
    env_file:
      - .env
    environment:
--- a/examples/ipsec-vpn-server/docker-compose.yml
+++ b/examples/ipsec-vpn-server/docker-compose.yml
@ -1,10 +1,9 @@
-version: '3'
-
 services:
+
  vpn:
    image: hwdsl2/ipsec-vpn-server
+    container_name: ipsec-vpn-server    
    hostname: ipsec-vpn-server
-    container_name: ipsec-vpn-server
    environment:
      #- VPN_IPSEC_PSK=3gAW0sDYI2ARSMQIQRa2xpIHb42JS+ImsiHdf3jbTl8 # set a secure psk; e.g. via `openssl rand -base64 32`; only necessary if not IKEv2 only
      #- VPN_USER=vpn # define your vpn username; only necessary if not IKEv2 only
@ -25,6 +24,9 @@ services:
    ports:
      - "500:500/udp"
      - "4500:4500/udp"
+    expose:
+      - 500
+      - 4500
    privileged: true
    volumes:
      -  ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ipsec-vpn-server/data:/etc/ipsec.d # required to enable IKEv2
--- a/examples/it-tools/docker-compose.yml
+++ b/examples/it-tools/docker-compose.yml
@ -1,6 +1,5 @@
-version: '3.3'
-
 services:
+
  it-tools:
    image: corentinth/it-tools
    container_name: it-tools
@ -8,6 +7,8 @@ services:
    restart: unless-stopped
    ports:
      - 8080:80/tcp
+    expose:
+      - 80
    #networks:
    #  - proxy # or use dev for testing purposes
    #labels:
--- a/examples/jackett/docker-compose.yml
+++ b/examples/jackett/docker-compose.yml
@ -1,6 +1,5 @@
-version: "2.1"
-
 services:
+
  jackett:
    image: lscr.io/linuxserver/jackett:latest
    container_name: jackett
@ -14,4 +13,6 @@ services:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jackett/downloads:/downloads
    ports:
      - 9117:9117
+    expose:
+      - 9117
    restart: unless-stopped
--- a/examples/jellyfin/docker-compose.yml
+++ b/examples/jellyfin/docker-compose.yml
@ -1,5 +1,5 @@
-version: '3.3'
 services:
+
    jellyfin:
        image: jellyfin/jellyfin:latest
        container_name: jellyfin
@ -7,8 +7,11 @@ services:
            - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jellyfin/config:/config
            - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jellyfin/cache:/cache
            - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jellyfin/media:/media
-        network_mode: host
        restart: unless-stopped
+        ports:
+            - 8096:8096/tcp
+        expose:
+            - 8096
        #environment:
        #    - JELLYFIN_PublishedServerUrl=http://example.com # Optional - alternative address used for autodiscovery
        #extra_hosts:
--- a/examples/jetbrains-youtrack/docker-compose.yml
+++ b/examples/jetbrains-youtrack/docker-compose.yml
@ -1,6 +1,5 @@
-version: '3.5'
-
 services:
+
  youtrack:
    image: jetbrains/youtrack:2022.3.65373
    container_name: youtrack
@ -9,17 +8,19 @@ services:
    restart: unless-stopped
    ports:
      - 8080:8080 # web ui
+    expose:
+      - 8080
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/data:/opt/youtrack/data
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/conf:/opt/youtrack/conf
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/logs:/opt/youtrack/logs
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/backups:/opt/youtrack/backups
-    #networks:
-    #  - proxy
    deploy:
      placement:
        constraints:
          - node.labels.youtrack.data == true
+    #networks:
+    #  - proxy
    #labels:
      #  - traefik.enable=true
      #  - traefik.docker.network=proxy
--- a/examples/keycloak/docker-compose.yml
+++ b/examples/keycloak/docker-compose.yml
@ -1,6 +1,5 @@
-version: '3.7'
-
 services:
+
  postgres:
    image: postgres:16-alpine
    container_name: keycloak-db
--- a/examples/koillection/docker-compose.yml
+++ b/examples/koillection/docker-compose.yml
@ -1,5 +1,3 @@
-version: '3.3'
-
 services:

  db:
--- a/examples/leantime/docker-compose.yml
+++ b/examples/leantime/docker-compose.yml
@ -1,16 +1,17 @@
-version: '3.3'
-
 services:
+
  leantime_db:
-    image: mysql:8.0
+    image: mysql:8.4
    container_name: leantime-mysql
+    expose:
+      - 3306
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/mysql:/var/lib/mysql
    restart: unless-stopped
    env_file: ./.env
    command: --character-set-server=UTF8MB4 --collation-server=UTF8MB4_unicode_ci
    #networks:
-    #  - proxy
+    #  - internal

  leantime:
    image: leantime/leantime:latest
@ -20,24 +21,31 @@ services:
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/public_data:/var/www/html/public/userfiles
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/data:/var/www/html/userfiles
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/plugins:/var/www/html/app/Plugins
    ports:
-      - "8080:80"                                                       # The port to expose and access Leantime
+      - "8080:80" # The port to expose and access Leantime
+    expose:
+      - 80
    depends_on:
-      - leantime_db                                                     # Don't start Leantime unless leantime_db is running
+      - leantime_db
    #networks:
    #  - proxy
+    #  - internal    
    #labels:
    #  - traefik.enable=true
+    #  - traefik.docker.network=proxy    
    #  - traefik.http.routers.leantime.rule=Host(`leantime.example.com`)
    #  - traefik.http.services.leantime.loadbalancer.server.port=80
+    #  # Optional part for file upload max sizes
    #  - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
    #  - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
    #  - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
    #  - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads    
-    #  - traefik.docker.network=proxy
    #  # Part for optional traefik middlewares
    #  - traefik.http.routers.leantime.middlewares=local-ipwhitelist@file,authelia@file,basic-auth@file

 #networks:
 #  proxy:
 #    external: true
+#  internal:
+#    internal: true
--- a/examples/librephotos/docker-compose.yml
+++ b/examples/librephotos/docker-compose.yml
@ -1,14 +1,5 @@
-# DO NOT EDIT
-# The .env file has everything you need to edit.
-# Run options:
-# 1. Use prebuilt images (preferred method):
-#   run cmd: docker-compose up -d
-# 2. Build images on your own machine:
-#   build cmd: COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose build
-#   run cmd: docker-compose up -d
-
-version: "3.8"
 services:
+
  proxy:
    image: reallibrephotos/librephotos-proxy:${tag}
    container_name: librephotos-proxy
@ -23,7 +14,7 @@ services:
      - frontend

  db:
-    image: postgres:13
+    image: postgres:16-alpine
    container_name: librephotos-db
    restart: unless-stopped
    environment:
@ -80,7 +71,7 @@ services:
        condition: service_healthy

  redis:
-    image: redis:6
+    image: redis:7-alpine
    container_name: librephotos-redis
    restart: unless-stopped
    healthcheck:
--- a/examples/lidarr/docker-compose.yml
+++ b/examples/lidarr/docker-compose.yml
@ -1,6 +1,5 @@
-version: "2.1"
-
 services:
+
  lidarr:
    image: lscr.io/linuxserver/lidarr:latest
    container_name: lidarr
@ -14,4 +13,6 @@ services:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/lidarr/downloads:/downloads # Should be the same as the download client's folder
    ports:
      - 8686:8686
+    expose:
+      - 8686
    restart: unless-stopped
--- a/examples/lldap/docker-compose.yml
+++ b/examples/lldap/docker-compose.yml
@ -1,6 +1,5 @@
-version: '3.3'
-
 services:
+
  lldap:
    image: lldap/lldap:stable
    container_name: lldap
@ -17,10 +16,11 @@ services:
    ports:
      - 3890:3890 # LDAP
      - 17170:17170 # WEB UI
+    expose:
+      - 3890
+      - 17170
    #networks:
    #  - proxy
-    #expose:
-    #  - 17170
    #labels:
    #  - traefik.enable=true
    #  - traefik.http.routers.lldap.rule=Host(`lldap.example.com`)
--- a/examples/matomo/docker-compose.yml
+++ b/examples/matomo/docker-compose.yml
@ -1,11 +1,12 @@
-version: "2"
-
 services:
+
  matomo:
+    image: matomo:5-fpm-alpine 
    container_name: matomo
-    image: matomo
    ports:
      - 8099:80
+    expose:
+      - 80
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/matomo/apache/apache2.conf:/etc/apache2/apache2.conf:ro
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/matomo/html:/var/www/html
@ -29,13 +30,15 @@ services:


  matomo_db:
+    image: mariadb:11.5
    container_name: matomo_db
-    image: mariadb
    command: --max-allowed-packet=64MB
    environment:
      - MYSQL_ROOT_PASSWORD=makeitup
    env_file:
      - ./db.env
+    expose:
+      - 3306
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/matomo/database:/var/lib/mysql
--- a/examples/mattermost/docker-compose.yml
+++ b/examples/mattermost/docker-compose.yml
@ -1,6 +1,5 @@
-version: "2.4"
-
 services:
+
  postgres:
    image: postgres:${POSTGRES_IMAGE_TAG}
    container_name: mattermost-db
--- a/examples/mealie/docker-compose.yml
+++ b/examples/mealie/docker-compose.yml
@ -1,6 +1,5 @@
-version: "3.7"
-
 services:
+
  mealie-frontend:
    image: hkotel/mealie:frontend-v1.0.0beta-5
    container_name: mealie-frontend
@ -13,6 +12,8 @@ services:
    restart: unless-stopped
    ports:
      - "9925:3000" # adjust to your liking 
+    expose:
+      - 3000
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mealie/data:/app/data/
    #networks:
--- a/examples/memos/docker-compose.yml
+++ b/examples/memos/docker-compose.yml
@ -1,6 +1,5 @@
-version: "3.0"
-
 services:
+
  memos:
    image: neosmemo/memos:latest
    container_name: memos
@ -8,6 +7,8 @@ services:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/memos/data:/var/opt/memos
    ports:
      - 5230:5230
+    expose:
+      - 5230
    #networks:
    #  - proxy
    #labels:
--- a/examples/metube/docker-compose.yml
+++ b/examples/metube/docker-compose.yml
@ -1,13 +1,16 @@
-version: "3"
-
 services:
+
  metube:
    image: alexta69/metube
    container_name: metube
    hostname: metube
    restart: unless-stopped
+    environment:
+      - DELETE_FILE_ON_TRASHCAN=false
    ports:
      - "8081:8081" # web ui
+    expose:
+      - 8081
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/metube/downloads:/downloads
    #networks:
--- a/examples/minio/docker-compose.yml
+++ b/examples/minio/docker-compose.yml
@ -1,8 +1,7 @@
-version: "3"
-
 services:
+
  minio-s3:
-    image: bitnami/minio:2023
+    image: bitnami/minio:2024
    container_name: minio
    hostname: minio
    environment:
@ -10,9 +9,11 @@ services:
      - MINIO_ROOT_PASSWORD=XscUJuDQP4WuWA55vfXNrc7 # change this
    ports:
      - 9001:9001/tcp
+    expose:
+      - 9001
    restart: unless-stopped
    volumes:
-      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/minio/data:/data
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/minio/data:/bitnami/minio/data
    #networks:
    #  - proxy
    #labels:
--- a/examples/mirotalk/docker-compose.yml
+++ b/examples/mirotalk/docker-compose.yml
@ -1,16 +1,17 @@
-version: '3.7'
-
 services:
+
  mirotalk:
    image: mirotalk/p2p:latest
-    restart: unless-stopped
    container_name: mirotalk
    hostname: mirotalk
+    restart: unless-stopped    
    ports:
      # use a reverse proxy with SSL/TLS support
      # otherwise webrtc won't work with plaintext http after Chrome 47+
      # see https://stackoverflow.com/questions/52759992/how-to-access-camera-and-microphone-in-chrome-without-https/58449078#58449078
-      - 3000:3000 # WEB UI; 
+      - 3000:3000 # WEB UI
+    expose:
+      - 3000
    volumes:
      - .env:/src/.env:ro
      #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mirotalk/app:/src/app:ro # only necessary if you want to adjust the code itself (js, css, etc.)
--- a/examples/money-balancer/docker-compose.yml
+++ b/examples/money-balancer/docker-compose.yml
@ -1,11 +1,13 @@
-version: "3"
 services:
+
  money-balancer:
    image: ghcr.io/dorianim/money-balancer
-    restart: unless-stopped
    container_name: money-balancer
+    restart: unless-stopped    
    ports:
      - 8000:8000
+    expose:
+      - 8000
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/money-balancer/data:/data
    environment:
--- a/examples/monkeytype/docker-compose.yml
+++ b/examples/monkeytype/docker-compose.yml
@ -1,6 +1,5 @@
-version: '3.3'
-
 services:
+
  monkeytype:
    image: themythologist/monkeytype:frontend-latest
    container_name: monkeytype
@ -8,6 +7,8 @@ services:
    restart: unless-stopped
    ports:
      - 5000:5000/tcp
+    expose:
+      - 5000
    #networks:
    #  - proxy
    #labels:
--- a/examples/n8n/.env
+++ b/examples/n8n/.env
@ -1,6 +1,22 @@
+## database settings
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=MySecureRootDbUserPassword
 POSTGRES_DB=n8n
-
 POSTGRES_NON_ROOT_USER=n8n
 POSTGRES_NON_ROOT_PASSWORD=MySecureDatabaseUserPassword
+
+## application settings
+N8N_NODE_ENV=production
+N8N_TZ=Europe/Berlin
+
+## tls proxy settings
+N8N_HOST=n8n.example.com
+N8N_PROTOCOL=http
+N8N_WEBHOOK_URL=https://n8n.example.com/
+
+## npm extra options
+# this will install additional npm packages during container start
+EXTRA_NODE_MODULES=lodash
+
+# this will whitelist additional npm packages
+NODE_FUNCTION_ALLOW_EXTERNAL=lodash
--- a/examples/n8n/README.md
+++ b/examples/n8n/README.md
@ -1,7 +1,7 @@
 # References

 - https://github.com/n8n-io/n8n
- https://github.com/n8n-io/n8n/tree/master/docker/compose/withPostgres
+- https://github.com/n8n-io/n8n-hosting/tree/main/docker-compose/withPostgres

 # Notes

@ -11,35 +11,21 @@ Please follow these steps to do so:

 ````
 # create new directory for database
-mkdir -p /mnt/docker-volumes/n8n
+mkdir -p /mnt/docker-volumes/n8n/storage

 # move the init file from this repo to the new location
 mv init-database.sh /mnt/docker-volumes/n8n/.

-# optional; adjust permissions
-sudo chmod -R 777 /mnt/docker-volumes/n8n/
+# fix permissions
+sudo chown -R 0:1000 /mnt/docker-volumes/n8n/
+sudo chmod -R 775 /mnt/docker-volumes/n8n/
+
+# adjust environment variables
+nano .env
 ````

-Afterwards, you can proceed spawning up the docker compose stack with:
+Afterwards, you can proceed spawning up the docker compose stack:

 ````
-docker compose up
+docker compose up -d
 ````
-
-> [!WARNING]
-> Upon starting the stack you may see n8n errors regarding permissions:
->
-> ````
-> [EACCES] Error Plugin: n8n: EACCES: permission denied, open '/home/node/.n8n/config'
-> ````
->
-> You can fix those my running:
-> ````
-> sudo chmod -R 777 /mnt/docker-volumes/n8n/database
-> ````
->
-> and restarting the stack:
->
-> ````
-> docker compose up --force-recreate
-> ````
--- a/examples/n8n/docker-compose.yml
+++ b/examples/n8n/docker-compose.yml
@ -1,11 +1,11 @@
-version: '3.8'
-
 services:

  n8n-db:
-    image: postgres:11-alpine
+    image: postgres:16-alpine
    container_name: n8n-db
    restart: unless-stopped
+    expose:
+      - 5432
    environment:
      - POSTGRES_USER
      - POSTGRES_PASSWORD
@ -19,7 +19,9 @@ services:
      test: ['CMD-SHELL', 'pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}']
      interval: 5s
      timeout: 5s
-      retries: 10      
+      retries: 10
+    #networks:
+    #  - n8n-internal

  n8n:
    image: n8nio/n8n
@ -27,24 +29,47 @@ services:
    hostname: n8n
    restart: unless-stopped
    environment:
+      # database settings
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=n8n-db
      - DB_POSTGRESDB_DATABASE=${POSTGRES_DB}
      - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER}
      - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
+      # application settings
+      - NODE_ENV=${N8N_NODE_ENV}
+      - GENERIC_TIMEZONE=${N8N_TZ}      
+      # tls proxy settings
+      - N8N_HOST=${N8N_HOST}
+      - N8N_PROTOCOL=${N8N_PROTOCOL}
+      - WEBHOOK_URL=${N8N_WEBHOOK_URL}
+      # npm extra options
+      - EXTRA_NODE_MODULES=${N8N_EXTRA_NODE_MODULES}
+      - NODE_FUNCTION_ALLOW_EXTERNAL=${N8N_NODE_FUNCTION_ALLOW_EXTERNAL}
    ports:
      - 5678:5678
+    expose:
+      - 5678
    links:
      - n8n-db
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/n8n/storage:/home/node/.n8n
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/n8n/files:/files
    depends_on:
      n8n-db:
        condition: service_healthy
+    #networks:
+    #  - proxy
+    #  - n8n-internal        
    #labels:
    #  - traefik.enable=true
+    #  - traefik.docker.network=proxy    
    #  - traefik.http.routers.n8n.rule=Host(`n8n.example.com`)
    #  - traefik.http.services.n8n.loadbalancer.server.port=5678
-    #  - traefik.docker.network=proxy
    #  # Part for optional traefik middlewares
    #  - traefik.http.routers.n8n.middlewares=local-ipwhitelist@file,basic-auth@file
+
+#networks:
+#  proxy:
+#    external: true
+#  n8n-internal:
+#    internal: true
--- a/examples/n8n/init-database.sh
+++ b/examples/n8n/init-database.sh
@ -3,10 +3,11 @@ set -e;


 if [ -n "${POSTGRES_NON_ROOT_USER:-}" ] && [ -n "${POSTGRES_NON_ROOT_PASSWORD:-}" ]; then
-        psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-                CREATE USER ${POSTGRES_NON_ROOT_USER} WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}';                                                      
-                GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_NON_ROOT_USER};                                                             
-        EOSQL                                                                
-else                                                                         
-        echo "SETUP INFO: No Environment variables given!"                   
-fi 
+	psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+		CREATE USER ${POSTGRES_NON_ROOT_USER} WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}';
+		GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_NON_ROOT_USER};
+		GRANT CREATE ON SCHEMA public TO ${POSTGRES_NON_ROOT_USER};
+	EOSQL
+else
+	echo "SETUP INFO: No Environment variables given!"
+fi
--- a/examples/nessus/docker-compose.yml
+++ b/examples/nessus/docker-compose.yml
@ -1,11 +1,13 @@
-version: "3.7"
 services:
+
  nessus:
-    hostname: nessus
-    container_name: nessus
    image: tenableofficial/nessus:latest
+    container_name: nessus
+    hostname: nessus    
    ports:
      - 8834:8834/tcp # WEB UI
+    expose:
+      - 8834
    environment:
      - ACTIVATION_CODE=XXX-XXXXX-XXXXX-XXXX # change this
      - USERNAME=nessus
--- a/examples/network-multitool/docker-compose.yml
+++ b/examples/network-multitool/docker-compose.yml
@ -1,6 +1,5 @@
-version: "3"
-
 services:
+
  network-multitool:
    image: wbitt/network-multitool:alpine-extra
    container_name: network-multitool
--- a/examples/nextcloud/docker-compose-mariadb-redis.yml
+++ b/examples/nextcloud/docker-compose-mariadb-redis.yml
@ -6,6 +6,8 @@ services:
    hostname: nextcloud-db
    command: --transaction-isolation=READ-COMMITTED --innodb_read_only_compressed=OFF
    restart: unless-stopped
+    expose:
+      - 3306
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nextcloud/database:/var/lib/mysql
    environment:
--- a/examples/nextcloud/docker-compose-sqlite.yml
+++ b/examples/nextcloud/docker-compose-sqlite.yml
@ -1,4 +1,5 @@
 services:
+
  nextcloud:
    image: linuxserver/nextcloud:latest
    container_name: nextcloud
--- a/examples/nginx-php/docker-compose.yml
+++ b/examples/nginx-php/docker-compose.yml
@ -1,34 +1,35 @@
-version: "3"
-
 services:
+
  web:
    image: nginx:stable-alpine
+    container_name: nginx    
    hostname: nginx
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/www-data:/var/www # place your files for web here
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/nginx-conf:/etc/nginx/conf.d # place provided nginx.conf here
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/logs:/var/log/nginx
-    container_name: nginx
    restart: unless-stopped
    ports:
      - 8080:80
+    expose:
+      - 80
    #networks:
    #   - proxy
    #labels:
    #  - traefik.enable=true
+    #  - traefik.docker.network=proxy
    #  - traefik.http.routers.nginx.rule=Host(`nginx.example.com`)
    #  - traefik.http.services.nginx.loadbalancer.server.port=80
-    #  - traefik.docker.network=proxy
-    #  # Part for local lan services only
+    #  # Optional part for traefik middlewares
    #  #- traefik.http.routers.nginx.middlewares=error-pages-middleware@docker
  
  php:
    image: php:8-fpm-alpine
+    container_name: php    
    hostname: php
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/www-data:/var/www # must be same path to www-data as above
      #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/php/custom-php.ini:/usr/local/etc/php/conf.d/php.ini:ro
-    container_name: php
    restart: unless-stopped
    working_dir: /var/www
    expose:
--- a/Show More
+++ b/Show More