diff --git a/0_skeleton/docker-compose.yml b/0_skeleton/docker-compose.yml index ad86774..87438cd 100644 --- a/0_skeleton/docker-compose.yml +++ b/0_skeleton/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.3' - services: + example: image: user/image:tag container_name: example @@ -38,7 +37,7 @@ services: # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # # Optional part for traefik middlewares - # - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file,authelia@docker + # - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file #networks: # proxy: diff --git a/README.md b/README.md index ee98a7e..a40dfed 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,8 @@ ## ✨ Requirements -- Docker Compose +- [Docker Engine](https://docs.docker.com/engine/install/) +- [Docker Compose](https://docs.docker.com/compose/install/) ## 🎓 Usage - Volume bind mounts are assumed to be located at `/mnt/docker-volumes//`. You can adjust the path via the global env variable `DOCKER_VOLUME_STORAGE` to your liking though. The compose examples will fall back to `/mnt/docker-volumes//` if the env variable is not set on your Docker server. @@ -172,6 +173,7 @@ Tools and software for [software project management](https://en.wikipedia.org/wi - [Gitlab Community](examples/gitlab-ce) - Self Hosted Git repository management, code reviews, issue tracking, activity feeds and wikis. - [Code-Server](examples/code-server) - VS Code in the browser, hosted on a remote server. - [Onedev](examples/onedev) - Self-hosted Git Server with CI/CD and Kanban. +- [Atlassian Jira Core](examples/atlassian-jira-confluence) - Jira Core is a project and task management solution built for business teams. ### Automation and Monitoring 
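Review bot: In the second hunk of `0_skeleton/docker-compose.yml`, the commented middleware example now lists only `local-ipwhitelist@file`, which filters by source address and does not authenticate anyone. Because this skeleton is the template new examples are copied from, dropping `authelia@docker` also drops the only hint that a forward-auth middleware can be chained here. I would keep that hint as a comment above the line, for example `# # chain a forward-auth middleware here if the app has no login of its own`. The `labels:` block this line belongs to starts outside the hunk.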
@@ -221,7 +223,7 @@ A [gallery](https://en.wikipedia.org/wiki/Gallery_Software) is software that hel Software to manage audio and video material. -- [Arr-Suite](examples/arr-suite) - Docker stack consisting of Prowlarr, Sonarr, Radarr, Lidarr, Readarr, Flaresolverr, Qbittorrent and Emby. +- [Arr-Suite](examples/arr-suite) - Docker stack consisting of Prowlarr, Sonarr, Radarr, Lidarr, Readarr, Bazarr, Flaresolverr, Qbittorrent and Emby/Jellyfin. - [Raveberry](examples/raveberry) - A multi-user music server with a focus on participation. - [Deemix](examples/deemix) - deemix is a barebone deezer downloader library built from the ashes of Deezloader Remix. - [Forte](examples/forte) - forte is a self-hosted music platform. You can either connect to a forte server or create your own server for your friends & family. However, it is also very convenient to use forte on your local machine as a stand-alone music player. Supports group streaming sessions. @@ -267,6 +269,7 @@ A [pastebin](https://en.wikipedia.org/wiki/Pastebin) is a type of online content - [PrivateBin](examples/privatebin) - PrivateBin is a minimalist, opensource online pastebin/discussion board where the server has zero knowledge of hosted data. - [Hemmelig](examples/hemmelig) - Keep your sensitive information out of chat logs, emails, and more with encrypted secrets. Free encrypted secret sharing for everyone! +- [Opengist](examples/opengist) - Self-hosted pastebin powered by Git, open-source alternative to Github Gist. ### File Transfer & Synchronization 
@@ -282,7 +285,6 @@ A [pastebin](https://en.wikipedia.org/wiki/Pastebin) is a type of online content - [Gokapi](examples/gokapi) - Lightweight selfhosted Firefox Send alternative without public upload. AWS S3 supported. - [Projectsend](examples/projectsend) - ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs and much more! - [Pwndrop](examples/pwndrop) - pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV. -- [Droppy](examples/droppy) (deprecated) - droppy is a self-hosted file storage server with a web interface and capabilities to edit files and view media directly in the browser. It is particularly well-suited to be run on low-end hardware like the Raspberry Pi. - [PairDrop](examples/pairdrop) - PairDrop is a sublime alternative to AirDrop that works on all platforms. Send images, documents or text via peer to peer connection to devices in the same local network/Wi-Fi or to paired devices. - [MinIO](examples/minio) - MinIO is an object storage server, compatible with Amazon S3 cloud storage service, mainly used for storing unstructured data (such as photos, videos, log files, etc.). - [Transfer.sh](examples/transfer.sh) - Easy and fast file sharing from the command-line. 
@@ -367,9 +369,9 @@ Software that helps to increase security and privacy. - [Greenbone](examples/greenbone) - Greenbone is the world's most trusted provider of open source vulnerability management. - [SonarQube](examples/sonarqube) - SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages. - [Fail2ban](examples/fail2ban) - Fail2ban is an intrusion prevention software framework. Written in the Python programming language, it is designed to prevent against brute-force attacks. +- [CrowdSec](examples/crowdsec) - The open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI. - [Tor-Browser](examples/tor-browser) - Running a Tor browser instance on any headless server. - [Firefox](examples/firefox) - Firefox by linuxserver.io allows you to run the popular Firefox web broser on a remote server. -- [Bibliogram](examples/bibliogram) (deprecated) - Bibliogram is a private front-end frontend to Instagram, similar to Invidous. - [Nitter](examples/nitter) - Nitter is an alternative front-end to Twitter, and was inspired by Invidious. - [Unify Network Application](examples/unify-network-application) - The Unifi-network-application software is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance. 
@@ -387,6 +389,7 @@ A [wiki](https://en.wikipedia.org/wiki/Wiki) is a publication collaboratively ed - [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking. - [HedgeDoc](examples/hedgedoc) - HedgeDoc lets you create real-time collaborative markdown notes. - [Docmost](examples/docmost) - Docmost is an open source collaborative documentation and wiki software. It is an open-source alternative to the likes of Confluence and Notion. +- [Atlassian Confluence](examples/atlassian-jira-confluence) - Confluence is a wiki solution built for business teams. ### Money, Budgeting & Management @@ -396,7 +399,7 @@ A [wiki](https://en.wikipedia.org/wiki/Wiki) is a publication collaboratively ed - [TRSync](examples/trsync) - Django web frontend for pytr to download all Trade Republic depot data. - [Money-Balancer](examples/money-balancer) - A simple application for managing debt with your friends! -- [Firefly III](examples/firefly-iii) - A self-hosted manager for your personal finances. +- [Firefly III](examples/firefly) - A self-hosted manager for your personal finances. - [VoucherVault](examples/vouchervault) - Django web application to store and manage vouchers, coupons, loyalty and gift cards digitally. Supports expiry notifications, transaction histories and file uploads. ### Genealogy @@ -448,6 +451,7 @@ Software that does not fit in another section. - [Network-Multitool](examples/network-multitool) - Multi-arch multitool for container network troubleshooting. - [IT-Tools](examples/it-tools) - Collection of handy online tools for developers, with great UX. +- [Scratch-Map](examples/scratch-map) - An open-source scratch-off style map to track your travels. ## 🌟 Star History [![Star History Chart](https://api.star-history.com/svg?repos=Haxxnet/Compose-Examples&type=Date)](https://star-history.com/#Haxxnet/Compose-Examples&Date) 
diff --git a/examples/adguard-home-sync/docker-compose.yml b/examples/adguard-home-sync/docker-compose.yml index 14d592d..26c7a44 100644 --- a/examples/adguard-home-sync/docker-compose.yml +++ b/examples/adguard-home-sync/docker-compose.yml @@ -1,5 +1,5 @@ -version: "2.1" services: + adguardhome-sync: image: linuxserver/adguardhome-sync container_name: adguardhome-sync @@ -18,4 +18,4 @@ services: - PGID=1000 restart: unless-stopped volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home-sync:/config + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home-sync:/config \ No newline at end of file diff --git a/examples/adguard-home/docker-compose.yml b/examples/adguard-home/docker-compose.yml index 193a761..95b0f5c 100644 --- a/examples/adguard-home/docker-compose.yml +++ b/examples/adguard-home/docker-compose.yml @@ -1,10 +1,9 @@ -version: "3" - services: + adguard: + image: adguard/adguardhome:latest container_name: adguard hostname: adguard - image: adguard/adguardhome:latest ports: - 3000:3000/tcp # only required during initial setup - 8080:80/tcp # web interface after setup diff --git a/examples/answer/docker-compose.yml b/examples/answer/docker-compose.yml index 3e70826..99adc72 100644 --- a/examples/answer/docker-compose.yml +++ b/examples/answer/docker-compose.yml @@ -1,11 +1,10 @@ -version: "3" - services: + answer: - container_name: answer image: answerdev/answer + container_name: answer ports: - - '9080:80' + - 9080:80 expose: - 80 restart: unless-stopped diff --git a/examples/archivebox/docker-compose.yml b/examples/archivebox/docker-compose.yml index 740c49d..4cabd33 100644 --- a/examples/archivebox/docker-compose.yml +++ b/examples/archivebox/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3.9" - services: + archivebox: image: archivebox/archivebox:dev container_name: archivebox diff --git a/examples/arr-suite/.env b/examples/arr-suite/.env new file mode 100644 index 0000000..35b2429 --- /dev/null +++ b/examples/arr-suite/.env 
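Review bot: In `examples/answer/docker-compose.yml`, changing `- '9080:80'` to `- 9080:80` removes the quoting that the Compose file reference recommends for every `HOST:CONTAINER` mapping. This particular value still loads as a string, because `80` is not a valid base-60 digit group. The unquoted form is the one people copy, though, and a mapping whose container port is below 60 is read as a sexagesimal integer by YAML 1.1 parsers. I would keep it as `- "9080:80"`.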
@@ -0,0 +1,7 @@ +# see https://github.com/qdm12/gluetun-wiki for more details + +VPN_SERVICE_PROVIDER=mullvad +VPN_TYPE=wireguard +WIREGUARD_PRIVATE_KEY= +WIREGUARD_ADDRESSES= +SERVER_CITIES= diff --git a/examples/arr-suite/README.md b/examples/arr-suite/README.md index c782755..4656017 100644 --- a/examples/arr-suite/README.md +++ b/examples/arr-suite/README.md @@ -5,6 +5,7 @@ - https://docs.linuxserver.io/images/docker-radarr/ - https://docs.linuxserver.io/images/docker-lidarr/ - https://docs.linuxserver.io/images/docker-readarr/ +- https://docs.linuxserver.io/images/docker-bazarr/ - https://github.com/FlareSolverr/FlareSolverr - https://docs.linuxserver.io/images/docker-qbittorrent/ - https://hub.docker.com/r/qmcgaw/gluetun 
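Review bot: The new `examples/arr-suite/.env` is a tracked file with an empty `WIREGUARD_PRIVATE_KEY=` slot, so following the instructions means writing a VPN private key into a path git already follows; a later `git add -A` in a fork or private copy would commit it. Shipping the template as `.env.example` and ignoring `.env` would avoid that; whether a `.gitignore` entry already covers it is not visible in this diff. If the file stays as is, I would at least add a header line such as `# holds secrets once filled in: do not commit, keep readable by the deploying user only (chmod 600)`.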
@@ -33,47 +34,178 @@ Docker stack consisting of various arr-services like: - Used for music - Readarr - Used for books +- Bazarr + - Used for subtitles - Flaresolverr - - Used to bypass Cloudflare for prowlarr - - You must add it at prowlarr as indexer with the tag `flaresolverr` + - Used to bypass CloudFlare for indexers on Prowlarr - Qbittorrent - Used as download client; run behind gluetun vpn killswitch container - - A temporary password for the `admin` user will be printed to the container log on startup. Change it immediately to a static one that does not change again. - Gluetun - - Used for establishing an openvpn/wireguard killswitch vpn connection for qbittorrent - - Requires an active subscription for a vpn provider (e.g. Mullvad) -- Emby / Jellyfin - - Used to manage your media libraries and stream it from various devices + - Used to establish a VPN killswitch connection for Qbittorrent to a commercial VPN provider (e.g. Mullvad) +- Emby or Jellyfin + - Used to manage your media libraries and stream content from various devices The following bind mount volumes are defined: - `/arr-suite/configs/` - holds the config files of an arr container -- `/arr-suite/media/` +- `/arr-suite/media/` - will hold your media files such as movies, music, books, tv-shows, qbittorrent downloads etc. ## Setup -You can follow this Youtube tutorial on how to setup most of the arr applications: +You can follow parts of [this Youtube tutorial](https://youtu.be/LD8-Qr3B2-o?si=49RQxJ5KRcoETCiQ&t=740) on how to configure most of the arr applications. -https://www.youtube.com/watch?v=LD8-Qr3B2-o +> **Note**: As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. Use Docker networks! 
The only exception is qbittorrent, which uses the vpn killswitch network of the gluetun container. Here, the gluetun container will expose qbittorrent's web ui on TCP/8080 and the IP address of your docker host server. Setup qbittorrent in all arr-applications using your server's local IP address, on which port 8080 is mapped to. -**Note**: As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. Use Docker networks! The only exception is qbittorrent, which uses the vpn killswitch network of the gluetun container. Here, the gluetun container will expose qbittorrent's web ui on TCP/8080 and the IP address of your docker host server. Setup qbittorrent in all arr-applications using your server's local IP address, on which port 8080 is mapped to. +Please make sure to configure authentication for all arr containers. Authentication is often optional and not enabled per default. -> [!WARNING] -> We configured qbittorrent to use the non-default path `/media/downloads` for downloads. -> -> Please define this location path in the qbittorrent admin panel too! +### Gluetun -![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/278b800d-2b6b-45cb-a44c-7f56def7f9d3) +Please refer to the official wiki of Gluetun to configure it for your commercial VPN provider in use. + +This must be done before spawning up the Docker Compose stack. + +For this compose example, we used Mullvad VPN, which is a privacy-friendly VPN provider that does not log. If you use another VPN provider, you have to adjust the environment variables typically. 
+ +https://github.com/qdm12/gluetun-wiki + +### Volume Mappings + +The following bind mount volumes are defined within the Docker Compose stack: + +- `/arr-suite/configs/` + - holds the config files of an arr container; automatically created during during compose stack start +- `/arr-suite/media/` + - will hold your media files such as movies, music, books, tv-shows, qbittorrent downloads etc. + - only the downloads folder will be created automatically by Qbittorrent during compose stack start + +The media folders should be created before starting up the compose stack. To do so, issue these commands: + +````bash +# create subfolders for our media library +mkdir -p ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/{downloads,movies,tv-shows,music,books} + +# adjust permissions +sudo chown -R 1000:1000 ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/ +sudo chmod -R 775 ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/ +```` + +Afterwards, we can spawn up the stack via: + +````bash +docker compose up -d +```` + +### Prowlarr + +#### API Connection to other Arrs + +After spawning up the compose stack, Prowlarr will be accessible on `http://:9696`. + +Within Prowlarr, we have to configure API connectivity to Sonarr, Lidarr, Readarr and any other arrs. To do so, just log into Prowlarr via the HTTP UI and access `Settings > Apps` under `/settings/applications`. Hit the plus button and add your arr application. + +To add an arr application, you typically have to create an API key first. To do so, log into the other arr applications via the UI and create an API key. You can find the application area for this typically at `Settings > General > API Key` under `/settings/general`. + +Just make sure that the URL is correct and paste the API key. 
Should look something like this: ![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/8915f9f3-081f-41d2-9c5e-bdf9553e09c2) ![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/94de5802-3b26-420b-bb1d-ac82cd5a5cfb) +> **Note**: As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. + +#### FlareResolverr CloudFlare Bypass + +Moreover, we will add FlareResolverr to Prowlarr in order to bypass CloudFlare for some indexers. To do so, head over to `Settings > Indexer` under `/settings/indexers`. Hit the plus button and add FlareResolverr. + +Ensure to define the correct URL and also the tag `flaresolverr`. The tag must be defined again when adding indexers that are protected by CloudFlare (e.g. 1337x). + ![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/19a26a74-dae0-4381-9614-46d20f912542) -## Traefik + Emby + HTTP Headers +![image](https://github.com/user-attachments/assets/548c8e93-24da-41fb-8b4d-ba7d9061b51f) + +#### Qbittorrent Download Client + +Finally, add Qbittorrent as download client to Prowlarr. Head over to `Settings > Download Clients` and add a new one. + +Define your server's IP address at `Host` (or the container name `arr-suite-gluetun`) and `8080` at `Port`. + +![image](https://github.com/user-attachments/assets/a21d117c-7ebf-4e01-a14e-11b8e3e59600) + +### Qbittorrent + +> [!WARNING] +> Qbittorrent is run behind the Gluetun VPN killswitch container. Therefore, we have to port map the Qbittorrent port 8080 at the gluetun container. +> +> This is also the reason why we define `arr-suite-gluetun` as host when adding Qbittorent and its port 8080 as download client to other arr containers. + +Log into the Qbittorrent's web UI. The UI is typically accessible from `http://:8080`. 
+ +The default username is `admin`. Make sure to change the password immediately. The initial password is printed in the container logs. If you do not change the password immediately, a new password will be printed and set upon each container restart. + +Then head over to `Settings > Downloads` and configure the custom download path `/media/downloads` as follows: + +![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/278b800d-2b6b-45cb-a44c-7f56def7f9d3) + +> [!TIP] +> If you would like to ensure that Qbittorrent downloads stuff via the gluetun VPN killswitch and not your personal WAN IP, you may use [this GitHub project](https://github.com/AKK9/torrent-ip-checker). It is an example torrent file, which does not actually download something malicious but reports back your disclosed IP address. The reported IP address must be the one from your commercial VPN provider like Mullvad. +> +> Just [download the torrent file](https://vvdapo30eb.execute-api.eu-west-2.amazonaws.com/torrent) and upload it via Qbittorrent's web UI via `File > Add torrent file`. + +![image](https://github.com/user-attachments/assets/5c7531eb-2cd7-4b16-968d-32a00cc4020a) + +#### Indexers + +Add your preferred indexers such as 1337X and many others. Do not forget to add the `flaresolverr` tag to bypass CloudFlare. + +### Sonarr, Radarr, Lidarr, Readarr, Bazarr + +All other arr applications follow the same configuration steps. + +- Sonarr is accessible at `http://:8989/` +- Radarr is accessible at `http://:7878/` +- Lidarr is accessible at `http://:8686/` +- Readarr is accessible at `http://:8787/` +- Bazarr is accessible at `http://:6767/` + +Follow these steps for each individuall arr container: + +1. Configure authentication for the arr's HTTP UI. Can be done regularly via `Settings > General`. +2. Ensure to define your media location. Can be done regularly via `Settings > Media Management > Root Folders > Path`. 
Should point to `/media/music` for Lidarr, `/media/tv-shows` for Sonarr, `/media/movies` for Radarr and `/media/books` for Readarr and so on. If those subdirectories do not exist yet, go ahead and create them via the following command: + - `mkdir -p /mnt/docker-volumes/arr-suite/media/{downloads,movies,tv-shows,music,books}` +4. Configure Qbittorrent as download client. Can be done regularly via `Settings > Download Clients`. Define your server's IP address at `Host` (or the container name `arr-suite-gluetun`) and `8080` at `Port`. +5. Configure Bazarr for Radarr and Sonarr. See https://wiki.bazarr.media/Getting-Started/Setup-Guide/ +6. Fix all `System > Health` warnings and errors reported by each arr container. May refer to https://wiki.servarr.com/. + +### Emby / Jellyfin + +The Docker Compose stack makes use of Emby as default. + +You can switch to Jellyfin by removing the Emby container service and uncommenting the Jellyfin one though. + +- Emby or Jellyfin is accessible at `http://:8096/` + +Follow the below steps to configure one of these media streaming containers: + +1. Setup authentication for your media streaming app. Is done automatically during the HTTP setup wizard. +2. Ensure to define your media location for your library. Can be done natively via the HTTP UI settings. +3. Configure transcoding and passthrough your GPU into the container (optional) + +### Reverse Proxy + +It is recommended to run all containers with an HTTP UI behind a reverse proxy. The reverse proxy can enforce a TLS encrypted communication channel with valid SSL certificates. Also add access controls via IP whitelisting, IdP forward-auth and many more. + +This example Compose Stack includes labels for the Traefik reverse proxy. Uncomment those to make use of it. Otherwise, remove them. + +If you run a different reverse proxy, please refer to the official documentation on how to configure proxy hosts. 
The ports to proxy on are defined in the Docker Compose file using the `expose` directive. + +> [!TIP] +> Once a reverse proxy is in use, you can typically remove all port mappings from the Docker Compose file. The reverse proxy will do the proxying and must be placed in the same Docker bridge network as the arr media stack. +> +> Note that the Qbittorrent TCP/8080 port is mapped at the Gluetun VPN killswitch container. So your reverse proxy must proxy to the 8080 port mapped on your docker server's IP address in order to access the Qbittorrent admin UI. + +#### Traefik + Emby + HTTP Headers During the setup of Emby in a web browser (HTTPS via Traefik) you may notice errors in the developer console, which prevent the web page from loading properly. diff --git a/examples/arr-suite/docker-compose.yml b/examples/arr-suite/docker-compose.yml index 2f0cf44..a114668 100644 --- a/examples/arr-suite/docker-compose.yml +++ b/examples/arr-suite/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.6" - services: # image used to index torrent links from the internet @@ -11,7 +9,7 @@ services: - PGID=1000 - TZ=Europe/Berlin volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/prowlarr:/config # database and Prowlarr configs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/prowlarr:/config # location of database and configs expose: - 9696/tcp # web ui ports: @@ -36,8 +34,8 @@ services: - PGID=1000 - TZ=Europe/Berlin volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/sonarr:/config # database and Radarr configs - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/sonarr:/config # location of database and configs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media library + qbittorrent download folder expose: - 8989/tcp # web ui ports: 
@@ -62,8 +60,8 @@ services: - PGID=1000 - TZ=Europe/Berlin volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/radarr:/config - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/radarr:/config # location of database and configs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media library + qbittorrent download folder expose: - 7878/tcp # web ui ports: @@ -88,8 +86,8 @@ services: - PGID=1000 - TZ=Europe/Berlin volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/lidarr:/config - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/lidarr:/config # location of database and configs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media library + qbittorrent download folder expose: - 8686/tcp # web ui ports: @@ -114,8 +112,8 @@ services: - PGID=1000 - TZ=Europe/Berlin volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/readarr:/config - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/readarr:/config # location of database and configs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media library + qbittorrent download folder expose: - 8787/tcp # web ui ports: 
@@ -131,6 +129,32 @@ services: # # Optional part for traefik middlewares # - traefik.http.routers.readarr.middlewares=local-ipwhitelist@file + # image used to manage subtitles + bazarr: + image: lscr.io/linuxserver/bazarr:latest + container_name: arr-suite-bazarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/bazarr:/config # location of database and configs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media library (optional) + expose: + - 6767/tcp # web ui + ports: + - 6767:6767/tcp # web ui + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.bazarr.rule=Host(`bazarr.example.com`) + # - traefik.http.services.bazarr.loadbalancer.server.port=6767 + # # Optional part for traefik middlewares + # - traefik.http.routers.bazarr.middlewares=local-ipwhitelist@file + # image used to bypass cloudflare for prowlarr flaresolverr: image: flaresolverr/flaresolverr:latest 
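Review bot: The new `bazarr` service publishes `- 6767:6767/tcp` on every host interface, while the README text added in this same commit states that authentication on the arr containers is often not enabled by default. That leaves the web UI reachable without a login from whatever network the Docker host sits on, from first start until the user configures authentication. This matches how the sibling services are written, but for the new block I would bind to loopback with `- 127.0.0.1:6767:6767/tcp # web ui` when a reverse proxy is in front, or say so in the inline comment: `# web ui; enable authentication before exposing, drop this mapping when proxied`. The image is also pulled as `:latest`, whereas the Atlassian stack added in this commit pins release tags; pinning here would keep redeployments reproducible.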
@@ -157,10 +181,11 @@ services: environment: # see https://github.com/qdm12/gluetun-wiki for more details # example envs based on https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md - - VPN_SERVICE_PROVIDER=mullvad # define the vpn provider - - VPN_TYPE=wireguard # define the vpn protocol to use - - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU= # define your wireguard private key here - - WIREGUARD_ADDRESSES=10.64.222.21/32 # define the ipv4 vpn network subnet here + - VPN_SERVICE_PROVIDER=${VPN_SERVICE_PROVIDER:-mullvad} # define the vpn provider + - VPN_TYPE=${VPN_TYPE:-wireguard} # define the vpn protocol to use + - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY:?WIREGUARD_PRIVATE_KEY must be set} # define your wireguard private key here + - WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES:?WIREGUARD_ADDRESSES must be set} # define the ipv4 vpn network subnet here + - SERVER_CITIES=${SERVER_CITIES:?SERVER_CITIES must be set} # define the server cities volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/gluetun:/gluetun restart: unless-stopped @@ -184,8 +209,8 @@ services: - TZ=Europe/Berlin - WEBUI_PORT=8080 volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrent:/config - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrent:/config # location of database and configs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads # location of qbittorrent downloads depends_on: - gluetun network_mode: container:arr-suite-gluetun # use the gluetun container network (vpn killswitch) 
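Review bot: The WireGuard private key on the removed line of the gluetun `environment:` hunk stays readable in the repository history after this change, so if it was ever a live key it should be revoked at the VPN provider; moving to `${WIREGUARD_PRIVATE_KEY:?...}` only protects keys set from now on. The new form still injects the key as a container environment variable, which anyone with access to the Docker API can read back through `docker inspect`. A short comment above the line would make that explicit, for example `# injected from .env; visible via docker inspect, restrict access to the Docker socket`. The `environment:` list and the service definition begin outside the hunk.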
@@ -200,9 +225,9 @@ services: - PGID=1000 - TZ=Europe/Berlin volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby:/config # emby data storage location; can grow very large - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # media goes here - #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby/lib:/opt/vc/lib # optional; path for Raspberry Pi OpenMAX libs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby:/config # location of database and configs; can grow very large + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # location of media library + #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby/lib:/opt/vc/lib # location for Raspberry Pi OpenMAX libs (optional) expose: - 8096/tcp # http web ui - 8920/tcp # https web ui @@ -234,9 +259,9 @@ services: # - PGID=1000 # - TZ=Europe/Berlin # volumes: - # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin:/config # emby data storage location; can grow very large - # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # media goes here - # #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin/lib:/opt/vc/lib # optional; path for Raspberry Pi OpenMAX libs + # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin:/config # location of database and configs; can grow very large + # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # location of media library + # #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin/lib:/opt/vc/lib # location for Raspberry Pi OpenMAX libs (optional) # expose: # - 8096/tcp # http web ui # ports: diff --git a/examples/atlassian-jira-confluence/README.md b/examples/atlassian-jira-confluence/README.md new file mode 100644 index 0000000..c27e8c3 --- /dev/null +++ b/examples/atlassian-jira-confluence/README.md 
@@ -0,0 +1,14 @@ +# References + +- https://atlassian.github.io/data-center-helm-charts/containers/JIRA/ +- https://atlassian.github.io/data-center-helm-charts/containers/CONFLUENCE/ +- https://hub.docker.com/r/atlassian/jira-core +- https://hub.docker.com/r/atlassian/confluence + +# Notes + +The Jira Core container requires a database. + +The compose stack will spawn up a postgresql database for this. You can configure the database connection from Jira's setup wizard via the HTTP UI. + +May use a dedicated `.env` file to provide your custom DB credentials. Ensure to use secure passwords! diff --git a/examples/atlassian-jira-confluence/docker-compose.yml b/examples/atlassian-jira-confluence/docker-compose.yml new file mode 100644 index 0000000..d691cd1 --- /dev/null +++ b/examples/atlassian-jira-confluence/docker-compose.yml 
@@ -0,0 +1,126 @@ +services: + + confluence: + image: atlassian/confluence:9.0.3 + container_name: confluence + hostname: confluence + restart: unless-stopped + environment: + # detailed debug messages during the container initialization + - VERBOSE_LOGS=false + # maximum number of days for access logs to be retained before being deleted + - ATL_TOMCAT_ACCESS_LOGS_MAXDAYS=360 + # The maximum time a user can remain logged-in with remember me feature (in seconds; default 2 weeks). + - ATL_AUTOLOGIN_COOKIE_AGE=1209600 + # The minimum heap size of the JVM + - JVM_MINIMUM_MEMORY=1024m + # maximum heap size of the JVM + - JVM_MAXIMUM_MEMORY=1024m + # reserved code cache size of the JVM + - JVM_RESERVED_CODE_CACHE_SIZE=256m + # reverse proxy setup + - ATL_PROXY_NAME=confluence.example.com + - ATL_PROXY_PORT=443 + - ATL_TOMCAT_PORT=8090 + - ATL_TOMCAT_SCHEME=https + - ATL_TOMCAT_SECURE=false + # list of trusted reverse proxy ips separated by a pipe character + - ATL_TOMCAT_TRUSTEDPROXIES=192.168.0.0/24|10.0.0.0/8|172.16.0.0/16 + ports: + - 8090:8090/tcp + expose: + - 8090 # http web + - 8091 # synchrony api + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/confluence/data:/var/atlassian/application-data/confluence + networks: + - atlassian-network + #labels: + # - traefik.enable=true + # - traefik.docker.network=atlassian-network + # - traefik.http.routers.confluence.rule=Host(`confluence.example.com`) + # - traefik.http.services.confluence.loadbalancer.server.port=8090 + # # Optional part for file upload max sizes + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 + # # Optional part for traefik middlewares + # - traefik.http.routers.confluence.middlewares=local-ipwhitelist@file + + jira: + image: 
atlassian/jira-core:9.9.2 + container_name: jira + hostname: jira + restart: unless-stopped + environment: + # detailed debug messages during the container initialization + - VERBOSE_LOGS=false + # maximum number of days for access logs to be retained before being deleted + - ATL_TOMCAT_ACCESS_LOGS_MAXDAYS=360 + # The maximum time a user can remain logged-in with remember me feature (in seconds; default 2 weeks) + - ATL_AUTOLOGIN_COOKIE_AGE=1209600 + # The minimum heap size of the JVM + - JVM_MINIMUM_MEMORY=1024m + # maximum heap size of the JVM + - JVM_MAXIMUM_MEMORY=1024m + # reserved code cache size of the JVM + - JVM_RESERVED_CODE_CACHE_SIZE=256m + # reverse proxy setup + - ATL_PROXY_NAME=jira.example.com + - ATL_PROXY_PORT=443 + - ATL_TOMCAT_PORT=8090 + - ATL_TOMCAT_SCHEME=https + - ATL_TOMCAT_SECURE=false + # list of trusted reverse proxy ips separated by a pipe character + - ATL_TOMCAT_TRUSTEDPROXIES=192.168.0.0/24|10.0.0.0/8|172.16.0.0/16 + depends_on: + - postgresql + ports: + - 8080:8080/tcp + expose: + - 8080 # http web + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jira/data:/var/atlassian/application-data/jira + networks: + - atlassian-network + - internal-db-network + #labels: + # - traefik.enable=true + # - traefik.docker.network=atlassian-network + # - traefik.http.routers.jira.rule=Host(`jira.example.com`) + # - traefik.http.services.jira.loadbalancer.server.port=8080 + # # Optional part for file upload max sizes + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 + # # Optional part for traefik middlewares + # - traefik.http.routers.jira.middlewares=local-ipwhitelist@file + + postgresql: + image: docker.io/library/postgres:16-alpine + container_name: jira-psql + restart: 
unless-stopped + healthcheck: + test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 5s + expose: + - 5432 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jira/psql:/var/lib/postgresql/data + environment: + POSTGRES_PASSWORD: ${PG_PASS:-jira} + POSTGRES_USER: ${PG_USER:-jira} + POSTGRES_DB: ${PG_DB:-jira} + networks: + - internal-db-network + +networks: + atlassian-network: + external: true + internal-db-network: + internal: true diff --git a/examples/authelia/docker-compose.yml b/examples/authelia/docker-compose.yml index 191c343..512e04f 100644 --- a/examples/authelia/docker-compose.yml +++ b/examples/authelia/docker-compose.yml @@ -1,13 +1,10 @@ -version: '3.3' - services: + authelia: image: authelia/authelia container_name: authelia volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/config:/config - networks: - - proxy labels: - 'traefik.enable=true' - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)' # replace with your domain name @@ -15,11 +12,15 @@ services: - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com' # replace with your domain name - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length + ports: + - 9091:9091/tcp expose: - 9091 restart: unless-stopped environment: - TZ=Europe/Berlin + #networks: + # - proxy redis: image: redis:alpine 
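Review bot: In the new `jira` service, `ATL_TOMCAT_PORT=8090` disagrees with the published `8080:8080/tcp`, the `expose: 8080` entry and the commented Traefik `server.port=8080`; it looks copied from the `confluence` block and should probably be `- ATL_TOMCAT_PORT=8080`. Both services pair `ATL_TOMCAT_SCHEME=https` with `ATL_TOMCAT_SECURE=false`; behind a TLS-terminating proxy the connector should normally be marked secure, `- ATL_TOMCAT_SECURE=true`. `ATL_TOMCAT_TRUSTEDPROXIES` trusts three whole private ranges, so any host inside them can supply forwarded-client headers; narrow it to the proxy's own address, and confirm the image accepts CIDR notation in this field. `POSTGRES_PASSWORD: ${PG_PASS:-jira}` silently falls back to a guessable password, whereas `${PG_PASS:?set PG_PASS in .env}` would stop the stack from starting until a real one is set.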
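Review bot: The added `ports: - 9091:9091/tcp` in the `authelia` service publishes the login portal over plain HTTP on every host interface, while the Traefik labels kept in the same service still describe it as sitting behind the proxy. The preceding hunk removes `networks: - proxy`, so unless Traefik happens to share the default network the direct port becomes the path people will actually use. Consider a loopback binding, `- 127.0.0.1:9091:9091/tcp`, as the crowdsec example in this commit does, or ship the mapping commented out like the `#networks:` block.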
@@ -27,14 +28,14 @@ services: command: redis-server --requirepass SuperSecureRedisAuthPassword # also reflect this in the authelia config file volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/redis:/data - networks: - - proxy expose: - 6379 restart: unless-stopped environment: - TZ=Europe/Berlin + #networks: + # - proxy -networks: - proxy: - external: true +#networks: +# proxy: +# external: true \ No newline at end of file diff --git a/examples/authentik/.env b/examples/authentik/.env index 04690ed..1b9c852 100644 --- a/examples/authentik/.env +++ b/examples/authentik/.env @@ -1,5 +1,5 @@ # define the version to use -AUTHENTIK_VERSION=2024.8 +AUTHENTIK_VERSION=2024.10 # database credentials PG_USER=authentik diff --git a/examples/authentik/README.md b/examples/authentik/README.md index 5f00ae0..fe11ecc 100644 --- a/examples/authentik/README.md +++ b/examples/authentik/README.md @@ -5,10 +5,20 @@ # Notes -After spawning up this Authentik stack, you will be greeted by Authentik's login dashboard. However, you have to onboard an admin user first. +Adjust the `.env` file with your private secrets and spawn up the stack: + +```` +docker compose up -d +```` + +After spawning up the Authentik stack, you will be greeted by Authentik's login dashboard. However, you have to onboard an admin user first. This is done by visiting the following URL: ```` -http(s):///if/flow/initial-setup/ +# with TLS reverse proxy +https:///if/flow/initial-setup/ + +# without TLS reverse proxy +https://:9000/if/flow/initial-setup/ ```` diff --git a/examples/authentik/docker-compose.yml b/examples/authentik/docker-compose.yml index a38ea6e..f67fb27 100644 --- a/examples/authentik/docker-compose.yml +++ b/examples/authentik/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.4" - services: postgresql: 
@@ -40,7 +38,7 @@ services: - authentik-internal authentik-proxy: - image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.8} + image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.10} container_name: authentik restart: unless-stopped command: server @@ -54,6 +52,9 @@ services: volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/media:/media - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/custom-templates:/templates + ports: + - 9000:9000/tcp # http + - 9443:9443/tcp # https expose: - 9000 - 9443 
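Review bot: The new `ports:` block in `authentik-proxy` publishes `9000:9000/tcp` (plain HTTP) and `9443:9443/tcp` on all host interfaces for an identity provider whose admin onboarding, per the README in this commit, is done by visiting `/if/flow/initial-setup/`. The service stays attached to the `proxy` network, so direct publishing is only needed for the no-proxy case. A comment saying so, plus a narrower binding such as `- 127.0.0.1:9443:9443/tcp`, would keep first-run setup and credentials off cleartext 9000. The service definition starts and ends outside this hunk.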
@@ -65,17 +66,17 @@ services: networks: - proxy - authentik-internal - labels: - - traefik.enable=true - - traefik.http.routers.authentik.rule=Host(`authentik.example.com`) || HostRegexp(`{subdomain:[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?}.example.com`) && PathPrefix(`/outpost.goauthentik.io/`) - - traefik.http.services.authentik.loadbalancer.server.port=9000 - - traefik.docker.network=proxy - - traefik.http.middlewares.authentik.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik - - traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true - - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version + #labels: + # - traefik.enable=true + # - traefik.http.routers.authentik.rule=Host(`authentik.example.com`) || HostRegexp(`{subdomain:[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?}.example.com`) && PathPrefix(`/outpost.goauthentik.io/`) + # - traefik.http.services.authentik.loadbalancer.server.port=9000 + # - traefik.docker.network=proxy + # - traefik.http.middlewares.authentik.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik + # - traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true + # - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version worker: - image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.8} + image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.10} container_name: authentik-worker restart: unless-stopped command: worker 
@@ -97,10 +98,11 @@ services: - postgresql - redis networks: + - proxy - authentik-internal networks: proxy: external: true authentik-internal: - external: true + internal: true diff --git a/examples/bibliogram/README.md b/examples/bibliogram/README.md deleted file mode 100644 index 4c99468..0000000 --- a/examples/bibliogram/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# References - -- https://hub.docker.com/r/schklom/bibliogram -- https://git.sr.ht/~cadence/bibliogram-docs/tree/master/docs/Configuring.md#files \ No newline at end of file diff --git a/examples/bibliogram/config.js b/examples/bibliogram/config.js deleted file mode 100644 index 4e6754d..0000000 --- a/examples/bibliogram/config.js +++ /dev/null @@ -1,3 +0,0 @@ -module.exports = { - website_origin: "https://mydomain.net" -} \ No newline at end of file diff --git a/examples/bibliogram/docker-compose.yml b/examples/bibliogram/docker-compose.yml deleted file mode 100644 index 94edacb..0000000 --- a/examples/bibliogram/docker-compose.yml +++ /dev/null @@ -1,23 +0,0 @@ -version: '3.4' -services: - bibliogram: - image: schklom/bibliogram - container_name: bibliogram - volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bibliogram/config.js:/app/config.js:ro - ports: - - 10407:10407 - restart: unless-stopped - #networks: - # - proxy - #labels: - # - traefik.enable=true - # - traefik.docker.network=proxy - # - traefik.http.routers.bibliogram.rule=Host(`bibliogram.example.com`) - # - traefik.http.services.bibliogram.loadbalancer.server.port=10407 - # # Optional part for traefik middlewares - # - traefik.http.routers.bibliogram.middlewares=local-ipwhitelist@file,authelia@docker - -#networks: -# proxy: -# external: true diff --git a/examples/bitwarden/docker-compose.yml b/examples/bitwarden/docker-compose.yml index 7d438be..8f722ec 100644 --- a/examples/bitwarden/docker-compose.yml +++ b/examples/bitwarden/docker-compose.yml 
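Review bot: Changing `authentik-internal` from `external: true` to `internal: true` changes who owns the network: Compose will create a project-scoped network instead of joining the pre-existing one, so an upgraded deployment leaves the old network behind and anything else attached to it loses its path to postgres and redis. The `worker` also gains `- proxy`, presumably for outbound access now that the internal network has no egress, which places it on the shared reverse-proxy network next to unrelated containers. A comment such as `# internal: no egress; worker joins proxy only for outbound traffic` would document the intent, and a dedicated egress network for the worker would avoid widening what can reach it.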
@@ -1,6 +1,5 @@ -version: "3.8" - services: + bitwarden: image: bitwarden/self-host:2024.8.0-beta container_name: bitwarden_unified diff --git a/examples/bookstack/docker-compose.yml b/examples/bookstack/docker-compose.yml index 43c5e83..338c8f6 100644 --- a/examples/bookstack/docker-compose.yml +++ b/examples/bookstack/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3" - services: + bookstack: image: linuxserver/bookstack container_name: bookstack @@ -18,6 +17,8 @@ services: restart: unless-stopped ports: - 8099:80 + expose: + - 80 depends_on: - bookstack_db #networks: @@ -47,6 +48,8 @@ services: - MYSQL_DATABASE=bookstackapp - MYSQL_USER=bookstack - MYSQL_PASSWORD=USERPW1 + expose: + - 3306 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bookstack/mariadb-config:/config restart: unless-stopped diff --git a/examples/caddy/docker-compose.yml b/examples/caddy/docker-compose.yml index 36a7179..e6450aa 100644 --- a/examples/caddy/docker-compose.yml +++ b/examples/caddy/docker-compose.yml @@ -1,5 +1,5 @@ -version: "3.7" services: + caddy: image: caddy:latest container_name: caddy @@ -9,6 +9,9 @@ services: ports: - "80:80" - "443:443" + expose: + - 80 # http + - 443 # https volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/caddy/CaddyFile:/etc/caddy/Caddyfile - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/caddy/data:/data diff --git a/examples/changedetection/docker-compose.yml b/examples/changedetection/docker-compose.yml index 42cd545..c39a3b2 100644 --- a/examples/changedetection/docker-compose.yml +++ b/examples/changedetection/docker-compose.yml @@ -1,5 +1,5 @@ -version: "2.1" services: + changedetection: image: lscr.io/linuxserver/changedetection.io:latest container_name: changedetection @@ -11,6 +11,8 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/changedetection/config:/config ports: - 5000:5000 + expose: + - 5000 restart: unless-stopped #networks: # - proxy 
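Review bot: The `expose:` entries added beside existing `ports:` mappings (bookstack's `expose: - 80` under `8099:80`, and the same pattern in the caddy and changedetection hunks on this line) do not restrict anything: the `ports:` line still publishes the service on all host interfaces, and containers on a shared network reach each other's ports with or without `expose`. If the entries are meant as documentation, say so with a comment like `# informational only; does not restrict access`, so readers do not mistake them for an access control. The same caveat applies to `expose: - 3306` on the bookstack database, whose service definition continues outside the hunk.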
diff --git a/examples/chevereto/README.md b/examples/chevereto/README.md index fd5d967..cc57664 100644 --- a/examples/chevereto/README.md +++ b/examples/chevereto/README.md @@ -24,7 +24,7 @@ docker exec -it chevereto bash # fixing permissions to www-data mkdir -p /var/www/html/images/_assets chown -R www-data:www-data /var/www/html/images/* -chmod -R 777 /var/www/html/images/* +chmod -R 775 /var/www/html/images/* ```` No container restart necessary. The web application should now work flawlessly. diff --git a/examples/chevereto/docker-compose.yml b/examples/chevereto/docker-compose.yml index 084ea83..9ec5f3e 100644 --- a/examples/chevereto/docker-compose.yml +++ b/examples/chevereto/docker-compose.yml @@ -1,8 +1,7 @@ -version: "3.7" - services: + chevereto: - image: ghcr.io/chevereto/chevereto:4.0 + image: ghcr.io/chevereto/chevereto:4.1 container_name: chevereto init: true restart: unless-stopped @@ -40,6 +39,8 @@ services: container_name: chevereto_mariadb restart: unless-stopped init: true + expose: + - 3306 environment: MYSQL_DATABASE: chevereto MYSQL_USER: chevereto diff --git a/examples/cloudflare-ddns/docker-compose.yml b/examples/cloudflare-ddns/docker-compose.yml index 823aece..adccde8 100644 --- a/examples/cloudflare-ddns/docker-compose.yml +++ b/examples/cloudflare-ddns/docker-compose.yml @@ -1,5 +1,5 @@ -version: "3" services: + cloudflare-ddns: image: favonia/cloudflare-ddns:latest container_name: cloudflare-ddns diff --git a/examples/code-server/docker-compose.yml b/examples/code-server/docker-compose.yml index 5551a30..15839b1 100644 --- a/examples/code-server/docker-compose.yml +++ b/examples/code-server/docker-compose.yml @@ -1,5 +1,3 @@ -version: "2.1" - services: code-server: @@ -18,6 +16,8 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vscode/config:/config ports: - 8443:8443 + expose: + - 8443 restart: unless-stopped #networks: # - proxy 
diff --git a/examples/crowdsec/README.md b/examples/crowdsec/README.md new file mode 100644 index 0000000..6a6a205 --- /dev/null +++ b/examples/crowdsec/README.md @@ -0,0 +1,6 @@ +# References +- https://github.com/crowdsecurity/crowdsec +- https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin +- https://app.crowdsec.net/hub/collections +- https://blog.lrvt.de/configuring-crowdsec-with-traefik/ +- https://www.reddit.com/r/selfhosted/comments/1dcn19v/standing_up_the_crowdsec_bouncer_plugin_in_traefik/ diff --git a/examples/crowdsec/docker-compose.yml b/examples/crowdsec/docker-compose.yml new file mode 100644 index 0000000..0f2d7cb --- /dev/null +++ b/examples/crowdsec/docker-compose.yml @@ -0,0 +1,34 @@ +services: + + crowdsec: + image: crowdsecurity/crowdsec:v1.6.4 + container_name: crowdsec + restart: unless-stopped + ports: + - 127.0.0.1:9876:8080 # http api for local fw bouncers + - 127.0.0.1:6060:6060 # metrics endpoint for prometheus + expose: + - 8080 # http api for bouncers + - 6060 # metrics endpoint for prometheus + - 7422 # appsec waf endpoint + volumes: + # crowdsec container data + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/crowdsec/data:/var/lib/crowdsec/data + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/crowdsec/etc:/etc/crowdsec + # log bind mounts into crowdsec + - /var/log/auth.log:/var/log/auth.log:ro + - /var/log/syslog:/var/log/syslog:ro + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik:ro + environment: + - GID=1000 + - COLLECTIONS=crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/base-http-scenarios crowdsecurity/sshd crowdsecurity/linux crowdsecurity/appsec-crs crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching + #- BOUNCER_KEY_=${CROWDSEC-BOUNCER-API-TOKEN:-FIXME-LAPI-KEY} # pre-supply a bouncer with api key + #- CUSTOM_HOSTNAME=crowdsec-host123 + #security_opt: + # - no-new-privileges=true + #networks: + # - proxy + +#networks: +# proxy: +# external: true 
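Review bot: The commented `BOUNCER_KEY_=${CROWDSEC-BOUNCER-API-TOKEN:-FIXME-LAPI-KEY}` line in the new crowdsec compose file will not behave as it reads once uncommented: the variable name contains hyphens, so interpolation will most likely treat it as variable `CROWDSEC` with a `-` default, and the bouncer name that should follow `BOUNCER_KEY_` is missing. The `FIXME-LAPI-KEY` fallback also means a forgotten variable yields a fixed, publicly known API key instead of an error. Something like `#- BOUNCER_KEY_<bouncer-name>=${CROWDSEC_BOUNCER_API_TOKEN:?set a bouncer key}` addresses both (`<bouncer-name>` is a placeholder). Separately, `security_opt: - no-new-privileges=true` is shipped commented out; enabling it by default looks safe here and is worth confirming against the image.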
diff --git a/examples/cs2-dedicated-server/docker-compose.yml b/examples/cs2-dedicated-server/docker-compose.yml index e82bde1..ad016fc 100644 --- a/examples/cs2-dedicated-server/docker-compose.yml +++ b/examples/cs2-dedicated-server/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3.7' - services: cs2-server: diff --git a/examples/dashy/docker-compose.yml b/examples/dashy/docker-compose.yml index 410b3b2..f616d01 100644 --- a/examples/dashy/docker-compose.yml +++ b/examples/dashy/docker-compose.yml @@ -1,10 +1,9 @@ ---- -version: "3.8" services: + dashy: + image: lissy93/dashy container_name: dashy hostname: dashy - image: lissy93/dashy volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/dashy/config/config.yml:/app/public/conf.yml - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/dashy/icons:/app/public/item-icons @@ -14,7 +13,9 @@ services: - GID=1000 restart: unless-stopped ports: - - 4000:80 + - 4000:80 + expose: + - 80 healthcheck: test: ['CMD', 'node', '/app/services/healthcheck'] interval: 1m30s diff --git a/examples/deemix/docker-compose.yml b/examples/deemix/docker-compose.yml index 9ea0b03..7b15718 100644 --- a/examples/deemix/docker-compose.yml +++ b/examples/deemix/docker-compose.yml @@ -1,13 +1,12 @@ -version: "3" - services: + deemix: + image: registry.gitlab.com/bockiii/deemix-docker:latest container_name: deemix + hostname: deemix environment: - PUID=1000 - PGID=1000 - hostname: deemix - image: registry.gitlab.com/bockiii/deemix-docker:latest restart: unless-stopped ports: - 6595:6595 diff --git a/examples/docmost/docker-compose.yml b/examples/docmost/docker-compose.yml index 2a24fec..53a769f 100644 --- a/examples/docmost/docker-compose.yml +++ b/examples/docmost/docker-compose.yml @@ -1,9 +1,7 @@ -version: '3' - services: docmost: - image: docmost/docmost:0.2.10 + image: docmost/docmost:0.5 container_name: docmost depends_on: - db 
@@ -53,6 +51,8 @@ services: - POSTGRES_USER=docmost - POSTGRES_PASSWORD=STRONG_DB_PASSWORD restart: unless-stopped + expose: + - 5432 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docmost/database:/var/lib/postgresql/data #networks: @@ -62,6 +62,8 @@ services: image: redis:7.2-alpine container_name: docmost-redis restart: unless-stopped + expose: + - 6379 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docmost/redis:/data #networks: diff --git a/examples/docuseal/docker-compose.yml b/examples/docuseal/docker-compose.yml index 46c61d6..352cad8 100644 --- a/examples/docuseal/docker-compose.yml +++ b/examples/docuseal/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3' - services: app: @@ -28,7 +26,7 @@ services: # - traefik.http.routers.docuseal.middlewares=local-ipwhitelist@file,authelia@docker postgres: - image: postgres:15-alpine + image: postgres:16-alpine container_name: docuseal-db restart: unless-stopped environment: diff --git a/examples/domainmod/docker-compose.yml b/examples/domainmod/docker-compose.yml index 3acedee..87ea8e2 100644 --- a/examples/domainmod/docker-compose.yml +++ b/examples/domainmod/docker-compose.yml @@ -1,6 +1,5 @@ ---- -version: '3.7' services: + app: image: domainmod/domainmod:latest container_name: domainmod_app @@ -20,6 +19,8 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/domainmod/app:/var/www/html ports: - 8080:80 + expose: + - 80 restart: unless-stopped db: diff --git a/examples/drone/docker-compose.yml b/examples/drone/docker-compose.yml index f251cc2..09dad5a 100644 --- a/examples/drone/docker-compose.yml +++ b/examples/drone/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3.7" - services: + drone-server: image: drone/drone:latest container_name: drone-server 
@@ -26,15 +25,15 @@ services: - DRONE_AGENTS_ENABLED=true - DRONE_GITEA_CLIENT_ID=XXX-XXX # change this to your client ID from Gitea; see https://docs.drone.io/server/provider/gitea/ - DRONE_GITEA_CLIENT_SECRET=XXX-XXX # change this to your client secret from Gitea; see https://docs.drone.io/server/provider/gitea/ - networks: - - proxy - labels: - - traefik.enable=true - - traefik.http.routers.drone-server.rule=Host(`drone.domain.tld`) - - traefik.http.services.drone-server.loadbalancer.server.port=80 - - traefik.docker.network=proxy - # Part for local lan services only; disable to expose externally - - traefik.http.routers.drone-server.middlewares=local-ipwhitelist@file + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.http.routers.drone-server.rule=Host(`drone.domain.tld`) + # - traefik.http.services.drone-server.loadbalancer.server.port=80 + # - traefik.docker.network=proxy + # # Part for local lan services only; disable to expose externally + # - traefik.http.routers.drone-server.middlewares=local-ipwhitelist@file drone-agent: image: drone/agent:1.2.1 @@ -47,9 +46,9 @@ services: - DRONE_RPC_SERVER=http://drone-server:80 - DRONE_RPC_SECRET=8aff725d2e16ef31fbc42 - DRONE_RUNNER_CAPACITY=2 - networks: - - proxy + #networks: + # - proxy -networks: - proxy: - external: true +#networks: +# proxy: +# external: true diff --git a/examples/droppy/README.md b/examples/droppy/README.md deleted file mode 100644 index 66d64bc..0000000 --- a/examples/droppy/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# References - -- https://github.com/silverwind/droppy (deprecated) diff --git a/examples/droppy/docker-compose-deprecated.yml b/examples/droppy/docker-compose-deprecated.yml deleted file mode 100644 index 11701a0..0000000 --- a/examples/droppy/docker-compose-deprecated.yml +++ /dev/null 
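Review bot: `DRONE_RPC_SECRET=8aff725d2e16ef31fbc42` in the `drone-agent` context of the second hunk is a fixed value shipped in the example, and this commit leaves it untouched, so every deployment copied from the file shares the same server-to-agent secret. Require the operator to supply one instead, `- DRONE_RPC_SECRET=${DRONE_RPC_SECRET:?generate a random secret}`, with the same variable on `drone-server` (its definition starts outside the hunk, so the matching line is not visible here). The first hunk also comments out `local-ipwhitelist@file` along with the other labels, so a reader who re-enables the labels should re-enable that middleware too unless external exposure is intended.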
@@ -1,16 +0,0 @@ -version: '2' - -services: - droppy: - container_name: droppy - image: silverwind/droppy - ports: - - 8989:8989 - volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/droppy/config:/config - - /path/to/my/data/for/sharing:/files # path to shared files - environment: - - UID=1000 - - GID=1000 - - TZ="Europe/Berlin" - restart: unless-stopped diff --git a/examples/duplicacy/docker-compose.yml b/examples/duplicacy/docker-compose.yml index be355b8..ff09f1b 100644 --- a/examples/duplicacy/docker-compose.yml +++ b/examples/duplicacy/docker-compose.yml @@ -1,11 +1,9 @@ ---- -version: '3.7' - services: + duplicacy-web: + image: saspus/duplicacy-web:mini container_name: duplicacy-web hostname: myhost # pls adjust - image: saspus/duplicacy-web:mini environment: - USR_ID=1000 # user account id on the system - GRP_ID=1000 # group id on the system @@ -13,6 +11,8 @@ services: - DUPLICACY_WEB_VERSION=latest ports: - "3875:3875/tcp" + expose: + - 3875 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicacy-web/config:/config - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicacy-web/logs:/logs diff --git a/examples/duplicati/docker-compose.yml b/examples/duplicati/docker-compose.yml index 9440ebf..7d97a92 100644 --- a/examples/duplicati/docker-compose.yml +++ b/examples/duplicati/docker-compose.yml 
@@ -1,18 +1,26 @@ -version: "3" - services: + duplicati: + image: linuxserver/duplicati:latest container_name: duplicati + hostname: duplicati entrypoint: - /init ports: - 8200:8200 # MGMT UI + expose: + - 8200 environment: - PUID=0 - PGID=1000 - TZ=Europe/Berlin - hostname: duplicati - image: linuxserver/duplicati:latest + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/backups:/backups + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/config:/config + - /path/to/my/data/to/backup:/source # change this + #networks: + # - proxy #labels: # - com.centurylinklabs.watchtower.enable=false # - traefik.enable=true @@ -21,8 +29,8 @@ services: # - traefik.docker.network=proxy # # Part for local lan services only # - traefik.http.routers.duplicati.middlewares=local-ipwhitelist@file - restart: unless-stopped - volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/backups:/backups - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/config:/config - - /path/to/my/data/to/backup:/source # change this + +#networks: +# proxy: +# external: true + diff --git a/examples/evershop/docker-compose.yml b/examples/evershop/docker-compose.yml index ca4eabe..85bc14c 100644 --- a/examples/evershop/docker-compose.yml +++ b/examples/evershop/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3.8' - services: app: @@ -29,7 +27,7 @@ services: # - traefik.http.routers.evershop.middlewares=local-ipwhitelist@file,authelia@docker database: - image: postgres:16 + image: postgres:16-alpine container_name: evershop-db restart: unless-stopped volumes: diff --git a/examples/excalidraw/docker-compose.yml b/examples/excalidraw/docker-compose.yml index f8ea525..9df3e52 100644 --- a/examples/excalidraw/docker-compose.yml +++ b/examples/excalidraw/docker-compose.yml 
@@ -1,17 +1,18 @@ -version: "3.8" - services: + excalidraw: - container_name: excalidraw image: excalidraw/excalidraw:latest - ports: - - "3000:80" + container_name: excalidraw restart: unless-stopped stdin_open: true healthcheck: disable: true environment: - NODE_ENV=production + ports: + - "3000:80" + expose: + - 80 #networks: # - proxy #volumes: diff --git a/examples/fail2ban/docker-compose.yml b/examples/fail2ban/docker-compose.yml index cc04635..56da88d 100644 --- a/examples/fail2ban/docker-compose.yml +++ b/examples/fail2ban/docker-compose.yml @@ -1,18 +1,17 @@ -version: "3" - services: + fail2ban: + image: crazymax/fail2ban:latest container_name: fail2ban + restart: unless-stopped + network_mode: host cap_add: - NET_ADMIN - NET_RAW environment: - TZ=Europe/Berlin - F2B_DB_PURGE_AGE=14d - image: crazymax/fail2ban:latest - network_mode: host - restart: unless-stopped volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/fail2Ban/data:/data - /path/to/my/logs/to/monitor:/var/log - #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik + #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik \ No newline at end of file diff --git a/examples/filebrowser/docker-compose.yml b/examples/filebrowser/docker-compose.yml index 9a733db..7af38d1 100644 --- a/examples/filebrowser/docker-compose.yml +++ b/examples/filebrowser/docker-compose.yml @@ -1,15 +1,16 @@ -version: "3" - services: + filebrowser: image: hurlenko/filebrowser container_name: filebrowser + restart: unless-stopped user: 1000:1000 # adjust to your needs + environment: + - FB_BASEURL=/filebrowser ports: - 8080:8080 + expose: + - 8080 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filebrowser/data:/data - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filebrowser/config:/config - environment: - - FB_BASEURL=/filebrowser - restart: unless-stopped + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filebrowser/config:/config \ No newline at end of file 
diff --git a/examples/filerun/docker-compose.yml b/examples/filerun/docker-compose.yml index fefad3f..abf45b4 100644 --- a/examples/filerun/docker-compose.yml +++ b/examples/filerun/docker-compose.yml @@ -1,19 +1,20 @@ -version: '2' - services: + db: - image: mariadb:10.1 + image: mariadb:11.5 container_name: filerun-db environment: - MYSQL_ROOT_PASSWORD=your_mysql_root_password - MYSQL_USER=your_filerun_username - MYSQL_PASSWORD=your_filerun_password - MYSQL_DATABASE=your_filerun_database + expose: + - 3306 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/db:/var/lib/mysql filerun: - image: filerun/filerun + image: filerun/filerun:latest container_name: filerun environment: - FR_DB_HOST=db @@ -27,6 +28,8 @@ services: - db:db ports: - 8080:80 + expose: + - 80 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/html:/var/www/html - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/files:/user-files diff --git a/examples/firefly/docker-compose.yml b/examples/firefly/docker-compose.yml index 4b8567f..f34ef54 100644 --- a/examples/firefly/docker-compose.yml +++ b/examples/firefly/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.3' - services: + app: image: fireflyiii/core:latest container_name: firefly @@ -10,11 +9,13 @@ services: env_file: .env ports: - 80:8080 + expose: + - 8080 depends_on: - db db: - image: mariadb + image: mariadb:11.5 container_name: firefly-db restart: unless-stopped environment: @@ -23,4 +24,4 @@ services: - MYSQL_PASSWORD=MySecretDatabasePassword # if changed --> also update in .env file - MYSQL_DATABASE=firefly volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefly/mysql:/var/lib/mysql + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefly/mysql:/var/lib/mysql \ No newline at end of file diff --git a/examples/firefox/docker-compose.yml b/examples/firefox/docker-compose.yml index bea9a2e..bd32387 100644 --- a/examples/firefox/docker-compose.yml +++ b/examples/firefox/docker-compose.yml 
@@ -1,6 +1,5 @@ -version: "3.3" - services: + firefox: image: lscr.io/linuxserver/firefox:latest container_name: firefox @@ -16,6 +15,8 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefox/config:/config ports: - 3210:3000 + expose: + - 3000 #networks: # - proxy #labels: diff --git a/examples/firezone/README.md b/examples/firezone/README.md index 7e7a3e1..4b282fa 100644 --- a/examples/firezone/README.md +++ b/examples/firezone/README.md @@ -9,7 +9,7 @@ > It undergoes a complete redesign (zero-knowledge, cloud) for v1.0 and won't provide any updates for the v0.7 (legacy) branch anymore. More information can be found [here](https://www.firezone.dev/blog/firezone-1-0). > [!TIP] -> A new fork (l4rm4nd/fireabend) tries to fix outdated dependencies and keep the software alive. +> A new fork (l4rm4nd/firezone) tries to fix outdated dependencies and keep the software alive. > > The fork starts with a new v7.0.0 release version and tag. diff --git a/examples/firezone/docker-compose.yml b/examples/firezone/docker-compose.yml index 8cbbbb0..5542bb4 100644 --- a/examples/firezone/docker-compose.yml +++ b/examples/firezone/docker-compose.yml @@ -6,8 +6,6 @@ x-deploy: &default-deploy update_config: order: start-first -version: "3.7" - services: firezone: @@ -54,6 +52,8 @@ services: postgres: image: postgres:15-alpine container_name: firezone-db + expose: + - 5432 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone/db:/var/lib/postgresql/data environment: diff --git a/examples/flame/docker-compose.yml b/examples/flame/docker-compose.yml index debd47e..4b78434 100644 --- a/examples/flame/docker-compose.yml +++ b/examples/flame/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.6' - services: + flame: image: pawelmalak/flame container_name: flame 
@@ -9,6 +8,8 @@ services: #- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration ports: - 5005:5005 + expose: + - 5005 environment: - PASSWORD=MyStrongLoginPassword restart: unless-stopped diff --git a/examples/flaresolverr/docker-compose.yml b/examples/flaresolverr/docker-compose.yml index c00de32..02b0ddf 100644 --- a/examples/flaresolverr/docker-compose.yml +++ b/examples/flaresolverr/docker-compose.yml @@ -1,14 +1,15 @@ -version: '3.3' - services: - flaresolverr: - image: ghcr.io/flaresolverr/flaresolverr:latest - container_name: flaresolverr - ports: - - 8191:8191 - environment: - - LOG_LEVEL=${LOG_LEVEL:-info} - - LOG_HTML=${LOG_HTML:-false} - - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none} - - TZ=Europe/Berlin - restart: unless-stopped + + flaresolverr: + image: ghcr.io/flaresolverr/flaresolverr:latest + container_name: flaresolverr + restart: unless-stopped + ports: + - 8191:8191/tcp + expose: + - 8191 + environment: + - LOG_LEVEL=${LOG_LEVEL:-info} + - LOG_HTML=${LOG_HTML:-false} + - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none} + - TZ=Europe/Berlin \ No newline at end of file diff --git a/examples/forte/docker-compose.yml b/examples/forte/docker-compose.yml index 13dc5e0..b41c0dd 100644 --- a/examples/forte/docker-compose.yml +++ b/examples/forte/docker-compose.yml @@ -1,12 +1,13 @@ -version: '3' - services: + app: image: kaangiray26/forte:4.3 container_name: forte restart: on-failure ports: - 3000:3000 + expose: + - 3000 depends_on: postgres: condition: service_healthy @@ -40,6 +41,8 @@ services: image: kaangiray26/postgres:2.0 container_name: forte-db restart: always + expose: + - 5432 environment: POSTGRES_DB: forte # Set Postgres Database Name POSTGRES_USER: forte # Set Postgres Username diff --git a/examples/ghost/docker-compose-rpi-arm.yml b/examples/ghost/docker-compose-rpi-arm.yml index 22b166a..c19412f 100644 --- a/examples/ghost/docker-compose-rpi-arm.yml +++ b/examples/ghost/docker-compose-rpi-arm.yml 
@@ -1,12 +1,13 @@ -version: '3.3' - services: + blog: image: ghost:5 container_name: ghost restart: always ports: - 8080:2368 + expose: + - 2368 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ghost/content:/var/lib/ghost/content environment: @@ -28,6 +29,7 @@ services: database: image: linuxserver/mariadb container_name: ghost-db + restart: unless-stopped environment: - PUID=1000 - PGID=1000 @@ -36,6 +38,7 @@ services: - MYSQL_DATABASE=${DB_NAME:-ghost} - MYSQL_USER=${DB_USER:-ghost} - MYSQL_PASSWORD=${DB_USER_PASS:-DatabasePassword1234} + expose: + - 3306 volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ghost/mariadb/config:/config - restart: unless-stopped + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ghost/mariadb/config:/config \ No newline at end of file diff --git a/examples/ghost/docker-compose.yml b/examples/ghost/docker-compose.yml index 7ea724d..61d8e01 100644 --- a/examples/ghost/docker-compose.yml +++ b/examples/ghost/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3.3' - services: blog: diff --git a/examples/gitea/docker-compose.yml b/examples/gitea/docker-compose.yml index e71692e..3fea841 100644 --- a/examples/gitea/docker-compose.yml +++ b/examples/gitea/docker-compose.yml @@ -1,8 +1,9 @@ -version: "3" - services: + gitea: + image: gitea/gitea:latest container_name: gitea + restart: unless-stopped environment: - USER_UID=1000 - USER_GID=1000 @@ -10,8 +11,9 @@ services: ports: - 3000:3000 #webgui - 2222:22 #ssh - image: gitea/gitea:latest - restart: unless-stopped + expose: + - 3000 + - 22 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitea/data:/data #networks: diff --git a/examples/gitlab/docker-compose.yml b/examples/gitlab/docker-compose.yml index 910d397..efd8c67 100644 --- a/examples/gitlab/docker-compose.yml +++ b/examples/gitlab/docker-compose.yml 
@@ -1,9 +1,9 @@ -version: '3.7' services: + gitlab-ce: image: gitlab/gitlab-ce:latest + container_name: gitlab-ce restart: unless-stopped - container_name: gitlab-ce environment: GITLAB_OMNIBUS_CONFIG: | external_url 'http://gitlab.example.com' # please adjust @@ -11,6 +11,10 @@ services: - 8033:80 # HTTP - 8434:443 # HTTPS - 2222:22 # SSH + expose: + - 80 + - 443 + - 22 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitlab/config:/etc/gitlab - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitlab/logs:/var/log/gitlab diff --git a/examples/gokapi/docker-compose.yml b/examples/gokapi/docker-compose.yml index 15094b7..1b31e3d 100644 --- a/examples/gokapi/docker-compose.yml +++ b/examples/gokapi/docker-compose.yml @@ -1,12 +1,13 @@ -version: "3.7" - services: + gokapi: image: f0rc3/gokapi:latest container_name: gokapi restart: unless-stopped ports: - 53842:53842 + expose: + - 53842 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gokapi/data:/app/data - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gokapi/config:/app/config diff --git a/examples/grafana-monitoring/docker-compose.yml b/examples/grafana-monitoring/docker-compose.yml index d4d78e6..c40a3a3 100644 --- a/examples/grafana-monitoring/docker-compose.yml +++ b/examples/grafana-monitoring/docker-compose.yml @@ -1,15 +1,15 @@ -version: "2" - services: loki: - image: grafana/loki:2.9.9 + image: grafana/loki:2.9.10 + container_name: loki hostname: loki - container_name: loki volumes: - ./volume-data/loki:/etc/loki # place loki-config.yml ports: - "127.0.0.1:3100:3100" + expose: + - 3100 restart: unless-stopped user: 1000:1000 command: -config.file=/etc/loki/loki-config.yml @@ -19,9 +19,9 @@ services: promtail: image: grafana/promtail:latest container_name: promtail + hostname: promtail depends_on: - loki - hostname: promtail volumes: - /var/log:/var/log:ro # let promtail access the docker host's log files - ./volume-data/promtail:/etc/promtail # place promtail-config.yml 
@@ -32,7 +32,7 @@ services: # - monitoring_default influxdb: - image: influxdb:1.8.10 + image: influxdb:1.8 container_name: influxdb hostname: influxdb restart: unless-stopped @@ -48,10 +48,10 @@ services: telegraf: image: telegraf:latest + container_name: telegraf + hostname: telegraf restart: unless-stopped user: telegraf:$(stat -c '%g' /var/run/docker.sock) # see: https://www.influxdata.com/blog/docker-run-telegraf-as-non-root/ - container_name: telegraf - hostname: telegraf dns: - 1.1.1.1 - 8.8.8.8 @@ -74,21 +74,23 @@ services: # - monitoring_default grafana: + image: grafana/grafana:latest container_name: grafana hostname: grafana + restart: unless-stopped user: 1000:1000 depends_on: - influxdb - loki - promtail - image: grafana/grafana:latest - restart: unless-stopped - #environment: - # - GF_SERVER_ROOT_URL=https://grafana.example.com # optional + environment: + - GF_SERVER_ROOT_URL=https://grafana.example.com # pls change this volumes: - ./volume-data/grafana:/var/lib/grafana ports: - 3000:3000 + expose: + - 3000 #networks: # - monitoring_default #labels: @@ -99,6 +101,17 @@ services: # # Part for local lan services only # - traefik.http.routers.grafana.middlewares=local-ipwhitelist@file + #prometheus: + # image: prom/prometheus + # container_name: prometheus + # restart: unless-stopped + # expose: + # - 9090 + # volumes: + # - ./volume-data/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml + # #networks: + # # - monitoring_default + #networks: # monitoring_default: # external: true diff --git a/examples/grafana-monitoring/volume-data/prometheus/prometheus.yml b/examples/grafana-monitoring/volume-data/prometheus/prometheus.yml new file mode 100644 index 0000000..77da1f1 --- /dev/null +++ b/examples/grafana-monitoring/volume-data/prometheus/prometheus.yml 
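Review bot: `image: influxdb:1.8` replaces the exact `influxdb:1.8.10` pin with a floating minor tag, so the image that gets pulled can change without any change to this file. If automatic patch updates are the intent, say so in a comment next to the line; otherwise keep the full version or pin by digest, e.g. `image: influxdb:1.8@sha256:<digest-placeholder>`. The influxdb service continues outside this hunk.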
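Review bot: `GF_SERVER_ROOT_URL=https://grafana.example.com` is now active by default in the grafana service (hunk `@@ -74,21 +74,23 @@`), where it used to be a commented optional line. Anyone who starts the stack unchanged gets a Grafana whose generated links and redirects point at a placeholder domain, while the service itself is published on plain `3000:3000`. I would keep the line commented, or make the value mandatory without a default: `- GF_SERVER_ROOT_URL=${GF_SERVER_ROOT_URL:?set your Grafana URL}`.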
@@ -0,0 +1,17 @@ + +# my global config +global: + scrape_interval: 15s + evaluation_interval: 30s + body_size_limit: 15MB + sample_limit: 1500 + target_limit: 30 + label_limit: 30 + label_name_length_limit: 200 + label_value_length_limit: 200 + # scrape_timeout is set to the global default (10s). + +scrape_configs: + - job_name: crowdsec_myMachine + static_configs: + - targets: ["crowdsec:6060"] diff --git a/examples/gramps/docker-compose.yml b/examples/gramps/docker-compose.yml index 55e644b..28ba2c9 100644 --- a/examples/gramps/docker-compose.yml +++ b/examples/gramps/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.7" - services: grampsweb: diff --git a/examples/greenbone/docker-compose.yml b/examples/greenbone/docker-compose.yml index dc2efe9..0c1ae36 100644 --- a/examples/greenbone/docker-compose.yml +++ b/examples/greenbone/docker-compose.yml @@ -1,7 +1,9 @@ -version: "3" services: + gvm: image: securecompliance/gvm + container_name: gvm + restart: unless-stopped volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/greenbone/database:/opt/database - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/greenbone/gvm:/var/lib/gvm @@ -20,4 +22,7 @@ services: - "9392:9392" # Web interface #- "5432:5432" # Access PostgreSQL database from external tools #- "2222:22" # SSH for remote sensors - restart: unless-stopped + expose: + - 9392 + - 5432 + - 22 \ No newline at end of file diff --git a/examples/guacamole/docker-compose.yml b/examples/guacamole/docker-compose.yml index be97745..5a6dd36 100644 --- a/examples/guacamole/docker-compose.yml +++ b/examples/guacamole/docker-compose.yml @@ -1,5 +1,3 @@ -version: '2.0' - services: guacd: @@ -13,9 +11,11 @@ services: # - proxy postgres: - image: postgres:15.2-alpine + image: postgres:16-alpine container_name: guacamole-db restart: always + expose: + - 5432 environment: - PGDATA=/var/lib/postgresql/data/guacamole - POSTGRES_DB=guacamole_db 
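Review bot: The only scrape target in the new prometheus.yml, `crowdsec:6060`, names a container that the grafana-monitoring compose hunks in this commit do not define, so the commented `prometheus` service can resolve it only when it shares a Docker network with a container called `crowdsec`. A comment above `scrape_configs:` should state that dependency, for example `# requires the crowdsec container on the same docker network as prometheus`. The scrape runs over plain HTTP without credentials, so the metrics port should stay on an internal network and not be published.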
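Review bot: In examples/greenbone/docker-compose.yml the new `expose:` list names `5432` and `22`, the same PostgreSQL and SSH ports whose `ports:` entries are deliberately left commented out just above it. `expose` does not publish them, so nothing breaks, but it also does not hide them from other containers on the network, and listing them suggests they are meant to be reachable. I would reduce the list to `- 9392`, the only port this example actually serves.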
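Review bot: Moving `postgres:15.2-alpine` to `postgres:16-alpine` in examples/guacamole/docker-compose.yml will stop the database from starting for anyone who already ran this example, because PostgreSQL refuses a data directory initialised by a different major version. The same applies to the hedgedoc (`13.4-alpine` to `16-alpine`), librephotos (`13` to `16-alpine`) and n8n (`11-alpine` to `16-alpine`) hunks in this commit. A comment next to each image line should say so, e.g. `# major upgrade: dump with pg_dumpall and restore into a fresh data directory`. The service's `volumes:` section lies outside this hunk.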
@@ -27,7 +27,6 @@ services: #networks: # - proxy - # guacamole guacamole: image: guacamole/guacamole container_name: guacamole-ui diff --git a/examples/headscale/docker-compose.yml b/examples/headscale/docker-compose.yml index a26b391..8c4f201 100644 --- a/examples/headscale/docker-compose.yml +++ b/examples/headscale/docker-compose.yml @@ -1,10 +1,9 @@ -version: '3.9' - services: + headscale: image: headscale/headscale:0.22 + container_name: headscale pull_policy: always - container_name: headscale restart: unless-stopped command: headscale serve expose: @@ -26,8 +25,8 @@ services: headscale-ui: image: ghcr.io/gurucomputing/headscale-ui:latest + container_name: headscale-ui pull_policy: always - container_name: headscale-ui networks: - proxy restart: unless-stopped diff --git a/examples/hedgedoc/docker-compose.yml b/examples/hedgedoc/docker-compose.yml index ae70909..04523ac 100644 --- a/examples/hedgedoc/docker-compose.yml +++ b/examples/hedgedoc/docker-compose.yml @@ -1,23 +1,24 @@ -version: '3' - services: database: - image: postgres:13.4-alpine + image: postgres:16-alpine container_name: hedgedoc-db + restart: always + expose: + - 5432 environment: - POSTGRES_USER=hedgedoc - POSTGRES_PASSWORD=password - POSTGRES_DB=hedgedoc volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hedgedoc/database:/var/lib/postgresql/data - restart: always #networks: # - proxy app: image: quay.io/hedgedoc/hedgedoc:1.10.0 container_name: hedgedoc-app + restart: always environment: - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc - CMD_DOMAIN=collab.example.com @@ -45,7 +46,6 @@ services: - 3000:3000/tcp expose: - 3000 - restart: always depends_on: - database #networks: diff --git a/examples/heimdall/docker-compose.yml b/examples/heimdall/docker-compose.yml index 3e104e9..d83e8cf 100644 --- a/examples/heimdall/docker-compose.yml +++ b/examples/heimdall/docker-compose.yml 
@@ -1,6 +1,5 @@ -version: "3" - services: + heimdall: image: linuxserver/heimdall:latest container_name: heimdall @@ -11,6 +10,8 @@ services: - TZ=Europe/Berlin ports: - 8099:80 + expose: + - 80 restart: unless-stopped volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/heimdall:/config diff --git a/examples/hemmelig/docker-compose.yml b/examples/hemmelig/docker-compose.yml index b7d61cb..3d9154b 100644 --- a/examples/hemmelig/docker-compose.yml +++ b/examples/hemmelig/docker-compose.yml @@ -1,4 +1,5 @@ services: + hemmelig: image: hemmeligapp/hemmelig:latest container_name: hemmelig @@ -19,12 +20,16 @@ services: - SECRET_MAX_TEXT_SIZE=256 # The max text size for the secret. Is set in kb. i.e. 256 for 256kb ports: - "3000:3000" + expose: + - 3000 restart: always stop_grace_period: 1m healthcheck: test: "wget -O /dev/null localhost:3000 || exit 1" timeout: 5s retries: 1 + #networks: + # - proxy #labels: # - traefik.enable=true # - traefik.http.routers.hemmelig.rule=Host(`hemmelig.example.com`) @@ -32,3 +37,7 @@ services: # - traefik.docker.network=proxy # # Part for optional traefik middlewares # - traefik.http.routers.hemmelig.middlewares=local-ipwhitelist@file,basic-auth@file + +#networks: +# proxy: +# external: true \ No newline at end of file diff --git a/examples/homarr/docker-compose.yml b/examples/homarr/docker-compose.yml index d515c85..ef73b07 100644 --- a/examples/homarr/docker-compose.yml +++ b/examples/homarr/docker-compose.yml @@ -1,8 +1,8 @@ -version: '3' services: + homarr: + image: ghcr.io/ajnart/homarr:latest container_name: homarr - image: ghcr.io/ajnart/homarr:latest restart: unless-stopped environment: - PASSWORD=MySecureLoginPassword @@ -12,3 +12,5 @@ services: #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homarr/icons:/app/public/icons # optional for custom icons ports: - '7575:7575' + expose: + - 7575 diff --git a/examples/home-assistant/docker-compose.yml b/examples/home-assistant/docker-compose.yml index 507d5a2..b744915 100644 
--- a/examples/home-assistant/docker-compose.yml +++ b/examples/home-assistant/docker-compose.yml @@ -1,10 +1,10 @@ ---- -version: "2.1" services: + homeassistant: image: linuxserver/homeassistant:latest container_name: homeassistant network_mode: host + restart: unless-stopped environment: - PUID=1000 - PGID=1000 @@ -12,7 +12,6 @@ services: volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homeassistant/config:/config #ports: - # - 8123:8123 #optional + # - 8123:8123 # optional of host network is used #devices: - # - /path/to/device:/path/to/device #optional - restart: unless-stopped + # - /path/to/device:/path/to/device #optional \ No newline at end of file diff --git a/examples/homepage/docker-compose.yml b/examples/homepage/docker-compose.yml index 35b1b78..982d0a1 100644 --- a/examples/homepage/docker-compose.yml +++ b/examples/homepage/docker-compose.yml @@ -1,18 +1,22 @@ -version: "3.3" services: + homepage: image: ghcr.io/gethomepage/homepage:latest container_name: homepage restart: unless-stopped ports: - 3000:3000 + expose: + - 3000 environment: - PUID=1000 - PGID=1000 volumes: + #- /var/run/docker.sock:/var/run/docker.sock:ro # (optional) For docker integrations - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homepage/config:/app/config # Make sure your local config directory exists - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homepage/icons:/app/public/icons - # - /var/run/docker.sock:/var/run/docker.sock:ro # (optional) For docker integrations + #networks: + # - proxy #labels: # - traefik.enable=true # - traefik.http.routers.homepage.rule=Host(`home.example.com`) @@ -20,3 +24,7 @@ services: # - traefik.docker.network=proxy # # Part for local lan services only # - traefik.http.routers.homepage.middlewares=local-ipwhitelist@file + +#networks: +# proxy: +# external: true \ No newline at end of file diff --git a/examples/homer/docker-compose.yml b/examples/homer/docker-compose.yml index acc2ee5..340c544 100644 
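Review bot: The rewritten comment `# optional of host network is used` in examples/home-assistant/docker-compose.yml has a typo and states the case backwards: with `network_mode: host`, which this service sets, a `ports:` mapping is not applied, so it only matters once host networking is removed. Suggested wording: `# - 8123:8123 # only needed if network_mode: host is removed`.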
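Review bot: The relocated optional mount `#- /var/run/docker.sock:/var/run/docker.sock:ro` in examples/homepage/docker-compose.yml relies on `:ro`, which only makes the socket file read-only and does not limit which Docker API calls the container can issue once a user uncomments the line. Because the service is also published on `3000:3000`, the comment should state that, e.g. `# (optional) docker integration; gives the container full Docker API access despite :ro, prefer a socket proxy`.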
--- a/examples/homer/docker-compose.yml +++ b/examples/homer/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.6' - services: + homer: image: b4bz/homer:latest container_name: homer @@ -8,6 +7,8 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homer:/www/assets ports: - "8080:8080" + expose: + - 8080 restart: unless-stopped environment: - UID=1000 diff --git a/examples/immich/.env b/examples/immich/.env index 057ff68..2427a6e 100644 --- a/examples/immich/.env +++ b/examples/immich/.env @@ -1,5 +1,5 @@ # Versioning -IMMICH_VERSION=v1.115.0 +IMMICH_VERSION=v1.123.0 # Database DB_HOSTNAME=immich-database @@ -13,6 +13,3 @@ REDIS_HOSTNAME=immich-redis # Upload File Config UPLOAD_LOCATION=/mnt/docker-volumes/immich/uploads # change this - -# JWT SECRET -JWT_SECRET=9C9E6EE5B56F137D2123123123123 # change this to a secure random secret diff --git a/examples/immich/docker-compose.yml b/examples/immich/docker-compose.yml index e70950b..13d7715 100644 --- a/examples/immich/docker-compose.yml +++ b/examples/immich/docker-compose.yml @@ -1,9 +1,8 @@ -version: "3.8" - services: + immich-server: - container_name: immich-server image: altran1502/immich-server:${IMMICH_VERSION:-release} + container_name: immich-server volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload - /etc/localtime:/etc/localtime:ro @@ -12,9 +11,9 @@ services: environment: - NODE_ENV=production ports: - - 2283:3001 + - 2283:2283 expose: - - 3001 + - 2283 depends_on: - immich-redis - immich-database @@ -24,7 +23,7 @@ services: #labels: # - traefik.enable=false # - traefik.http.routers.immich.rule=Host(`immich.example.com`) - # - traefik.http.services.immich.loadbalancer.server.port=3001 + # - traefik.http.services.immich.loadbalancer.server.port=2283 # - traefik.docker.network=proxy # # Optional part for file upload max sizes # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5000000000 # optional, only necessary for file uploads; allow 5000MB 
@@ -52,8 +51,8 @@ services: # - proxy immich-redis: + image: redis:6.2-alpine container_name: immich-redis - image: redis:6.2-alpine restart: unless-stopped #labels: # - "com.centurylinklabs.watchtower.enable=true" @@ -61,8 +60,8 @@ services: # - proxy immich-database: + image: tensorchord/pgvecto-rs:pg14-v0.2.0 container_name: immich-database - image: tensorchord/pgvecto-rs:pg14-v0.2.0 env_file: - .env environment: diff --git a/examples/ipsec-vpn-server/docker-compose.yml b/examples/ipsec-vpn-server/docker-compose.yml index 47bc6b1..3ea343c 100644 --- a/examples/ipsec-vpn-server/docker-compose.yml +++ b/examples/ipsec-vpn-server/docker-compose.yml @@ -1,10 +1,9 @@ -version: '3' - services: + vpn: image: hwdsl2/ipsec-vpn-server + container_name: ipsec-vpn-server hostname: ipsec-vpn-server - container_name: ipsec-vpn-server environment: #- VPN_IPSEC_PSK=3gAW0sDYI2ARSMQIQRa2xpIHb42JS+ImsiHdf3jbTl8 # set a secure psk; e.g. via `openssl rand -base64 32`; only necessary if not IKEv2 only #- VPN_USER=vpn # define your vpn username; only necessary if not IKEv2 only @@ -25,6 +24,9 @@ services: ports: - "500:500/udp" - "4500:4500/udp" + expose: + - 500 + - 4500 privileged: true volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ipsec-vpn-server/data:/etc/ipsec.d # required to enable IKEv2 diff --git a/examples/it-tools/docker-compose.yml b/examples/it-tools/docker-compose.yml index f9ac298..c0a945e 100644 --- a/examples/it-tools/docker-compose.yml +++ b/examples/it-tools/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.3' - services: + it-tools: image: corentinth/it-tools container_name: it-tools @@ -8,6 +7,8 @@ services: restart: unless-stopped ports: - 8080:80/tcp + expose: + - 80 #networks: # - proxy # or use dev for testing purposes #labels: diff --git a/examples/jackett/docker-compose.yml b/examples/jackett/docker-compose.yml index 874bfec..f36ef03 100644 --- a/examples/jackett/docker-compose.yml +++ b/examples/jackett/docker-compose.yml 
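Review bot: The `expose:` entries `500` and `4500` added to the vpn service in examples/ipsec-vpn-server/docker-compose.yml carry no protocol, so Compose records them as TCP, while the published ports directly above are `"500:500/udp"` and `"4500:4500/udp"`. To keep the metadata consistent with what the service listens on, write `- 500/udp` and `- 4500/udp`, or drop the block since `ports:` already covers both.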
@@ -1,6 +1,5 @@ -version: "2.1" - services: + jackett: image: lscr.io/linuxserver/jackett:latest container_name: jackett @@ -14,4 +13,6 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jackett/downloads:/downloads ports: - 9117:9117 + expose: + - 9117 restart: unless-stopped diff --git a/examples/jellyfin/docker-compose.yml b/examples/jellyfin/docker-compose.yml index 626f98f..349a44c 100644 --- a/examples/jellyfin/docker-compose.yml +++ b/examples/jellyfin/docker-compose.yml @@ -1,5 +1,5 @@ -version: '3.3' services: + jellyfin: image: jellyfin/jellyfin:latest container_name: jellyfin @@ -7,8 +7,11 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jellyfin/config:/config - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jellyfin/cache:/cache - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jellyfin/media:/media - network_mode: host restart: unless-stopped + ports: + - 8096:8096/tcp + expose: + - 8096 #environment: # - JELLYFIN_PublishedServerUrl=http://example.com # Optional - alternative address used for autodiscovery #extra_hosts: diff --git a/examples/jetbrains-youtrack/docker-compose.yml b/examples/jetbrains-youtrack/docker-compose.yml index ee2fa70..7db2eea 100644 --- a/examples/jetbrains-youtrack/docker-compose.yml +++ b/examples/jetbrains-youtrack/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.5' - services: + youtrack: image: jetbrains/youtrack:2022.3.65373 container_name: youtrack 
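Review bot: Replacing `network_mode: host` with `ports: - 8096:8096/tcp` in examples/jellyfin/docker-compose.yml narrows the container's exposure to the web port, but the commented `JELLYFIN_PublishedServerUrl` line just below still refers to autodiscovery, which presumably no longer works because no UDP discovery port is published. A comment above `ports:` should say so, e.g. `# bridge mode: client autodiscovery/DLNA unavailable unless the UDP ports from the Jellyfin docs are added`, so users do not fall back to host networking to get it back.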
@@ -9,17 +8,19 @@ services: restart: unless-stopped ports: - 8080:8080 # web ui + expose: + - 8080 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/data:/opt/youtrack/data - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/conf:/opt/youtrack/conf - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/logs:/opt/youtrack/logs - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/backups:/opt/youtrack/backups - #networks: - # - proxy deploy: placement: constraints: - node.labels.youtrack.data == true + #networks: + # - proxy #labels: # - traefik.enable=true # - traefik.docker.network=proxy diff --git a/examples/keycloak/docker-compose.yml b/examples/keycloak/docker-compose.yml index c905efe..22cc705 100644 --- a/examples/keycloak/docker-compose.yml +++ b/examples/keycloak/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.7' - services: + postgres: image: postgres:16-alpine container_name: keycloak-db diff --git a/examples/koillection/docker-compose.yml b/examples/koillection/docker-compose.yml index dab69b1..99efbc3 100644 --- a/examples/koillection/docker-compose.yml +++ b/examples/koillection/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3.3' - services: db: diff --git a/examples/leantime/docker-compose.yml b/examples/leantime/docker-compose.yml index a77b42a..417bd9d 100644 --- a/examples/leantime/docker-compose.yml +++ b/examples/leantime/docker-compose.yml @@ -1,16 +1,17 @@ -version: '3.3' - services: + leantime_db: - image: mysql:8.0 + image: mysql:8.4 container_name: leantime-mysql + expose: + - 3306 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/mysql:/var/lib/mysql restart: unless-stopped env_file: ./.env command: --character-set-server=UTF8MB4 --collation-server=UTF8MB4_unicode_ci #networks: - # - proxy + # - internal leantime: image: leantime/leantime:latest 
@@ -20,24 +21,31 @@ services: volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/public_data:/var/www/html/public/userfiles - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/data:/var/www/html/userfiles + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/plugins:/var/www/html/app/Plugins ports: - - "8080:80" # The port to expose and access Leantime + - "8080:80" # The port to expose and access Leantime + expose: + - 80 depends_on: - - leantime_db # Don't start Leantime unless leantime_db is running + - leantime_db #networks: # - proxy + # - internal #labels: # - traefik.enable=true + # - traefik.docker.network=proxy # - traefik.http.routers.leantime.rule=Host(`leantime.example.com`) # - traefik.http.services.leantime.loadbalancer.server.port=80 + # # Optional part for file upload max sizes # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads - # - traefik.docker.network=proxy # # Part for optional traefik middlewares # - traefik.http.routers.leantime.middlewares=local-ipwhitelist@file,authelia@file,basic-auth@file #networks: # proxy: # external: true +# internal: +# internal: true diff --git a/examples/librephotos/docker-compose.yml b/examples/librephotos/docker-compose.yml index 7f08722..43bd1b8 100644 --- a/examples/librephotos/docker-compose.yml +++ b/examples/librephotos/docker-compose.yml 
@@ -1,14 +1,5 @@ -# DO NOT EDIT -# The .env file has everything you need to edit. -# Run options: -# 1. Use prebuilt images (preferred method): -# run cmd: docker-compose up -d -# 2. Build images on your own machine: -# build cmd: COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose build -# run cmd: docker-compose up -d - -version: "3.8" services: + proxy: image: reallibrephotos/librephotos-proxy:${tag} container_name: librephotos-proxy @@ -23,7 +14,7 @@ services: - frontend db: - image: postgres:13 + image: postgres:16-alpine container_name: librephotos-db restart: unless-stopped environment: @@ -80,7 +71,7 @@ services: condition: service_healthy redis: - image: redis:6 + image: redis:7-alpine container_name: librephotos-redis restart: unless-stopped healthcheck: diff --git a/examples/lidarr/docker-compose.yml b/examples/lidarr/docker-compose.yml index f950897..c74b795 100644 --- a/examples/lidarr/docker-compose.yml +++ b/examples/lidarr/docker-compose.yml @@ -1,6 +1,5 @@ -version: "2.1" - services: + lidarr: image: lscr.io/linuxserver/lidarr:latest container_name: lidarr @@ -14,4 +13,6 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/lidarr/downloads:/downloads # Should be the same as the download client's folder ports: - 8686:8686 + expose: + - 8686 restart: unless-stopped diff --git a/examples/lldap/docker-compose.yml b/examples/lldap/docker-compose.yml index ab905a0..a1f5ab0 100644 --- a/examples/lldap/docker-compose.yml +++ b/examples/lldap/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.3' - services: + lldap: image: lldap/lldap:stable container_name: lldap @@ -17,10 +16,11 @@ services: ports: - 3890:3890 # LDAP - 17170:17170 # WEB UI + expose: + - 3890 + - 17170 #networks: # - proxy - #expose: - # - 17170 #labels: # - traefik.enable=true # - traefik.http.routers.lldap.rule=Host(`lldap.example.com`) diff --git a/examples/matomo/docker-compose.yml b/examples/matomo/docker-compose.yml index 4a27969..0fe5d86 100644 
--- a/examples/matomo/docker-compose.yml +++ b/examples/matomo/docker-compose.yml @@ -1,11 +1,12 @@ -version: "2" - services: + matomo: + image: matomo:5-fpm-alpine container_name: matomo - image: matomo ports: - 8099:80 + expose: + - 80 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/matomo/apache/apache2.conf:/etc/apache2/apache2.conf:ro - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/matomo/html:/var/www/html @@ -29,13 +30,15 @@ services: matomo_db: + image: mariadb:11.5 container_name: matomo_db - image: mariadb command: --max-allowed-packet=64MB environment: - MYSQL_ROOT_PASSWORD=makeitup env_file: - ./db.env + expose: + - 3306 restart: unless-stopped volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/matomo/database:/var/lib/mysql diff --git a/examples/mattermost/docker-compose.yml b/examples/mattermost/docker-compose.yml index 0b740e1..7bf000f 100644 --- a/examples/mattermost/docker-compose.yml +++ b/examples/mattermost/docker-compose.yml @@ -1,6 +1,5 @@ -version: "2.4" - services: + postgres: image: postgres:${POSTGRES_IMAGE_TAG} container_name: mattermost-db diff --git a/examples/mealie/docker-compose.yml b/examples/mealie/docker-compose.yml index 47c80e5..ce6b1ea 100644 --- a/examples/mealie/docker-compose.yml +++ b/examples/mealie/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3.7" - services: + mealie-frontend: image: hkotel/mealie:frontend-v1.0.0beta-5 container_name: mealie-frontend @@ -13,6 +12,8 @@ services: restart: unless-stopped ports: - "9925:3000" # adjust to your liking + expose: + - 3000 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mealie/data:/app/data/ #networks: diff --git a/examples/memos/docker-compose.yml b/examples/memos/docker-compose.yml index 82c4cc6..6850ed6 100644 --- a/examples/memos/docker-compose.yml +++ b/examples/memos/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3.0" - services: + memos: image: neosmemo/memos:latest container_name: memos 
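Review bot: `image: matomo:5-fpm-alpine` in examples/matomo/docker-compose.yml selects the PHP-FPM variant of the image, which serves FastCGI and ships no web server, yet the service still publishes `8099:80`, gains `expose: - 80` and mounts `apache2.conf` into `/etc/apache2/`. As written nothing would answer on port 80. Either pin the Apache variant with `image: matomo:5-apache`, or add a web-server container in front of FPM and drop the Apache config mount. The rest of the service definition lies outside this hunk.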
@@ -8,6 +7,8 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/memos/data:/var/opt/memos ports: - 5230:5230 + expose: + - 5230 #networks: # - proxy #labels: diff --git a/examples/metube/docker-compose.yml b/examples/metube/docker-compose.yml index 9576c8a..b1508cf 100644 --- a/examples/metube/docker-compose.yml +++ b/examples/metube/docker-compose.yml @@ -1,13 +1,16 @@ -version: "3" - services: + metube: image: alexta69/metube container_name: metube hostname: metube restart: unless-stopped + environment: + - DELETE_FILE_ON_TRASHCAN=false ports: - "8081:8081" # web ui + expose: + - 8081 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/metube/downloads:/downloads #networks: diff --git a/examples/minio/docker-compose.yml b/examples/minio/docker-compose.yml index e7e00f4..35f01b0 100644 --- a/examples/minio/docker-compose.yml +++ b/examples/minio/docker-compose.yml @@ -1,8 +1,7 @@ -version: "3" - services: + minio-s3: - image: bitnami/minio:2023 + image: bitnami/minio:2024 container_name: minio hostname: minio environment: @@ -10,9 +9,11 @@ services: - MINIO_ROOT_PASSWORD=XscUJuDQP4WuWA55vfXNrc7 # change this ports: - 9001:9001/tcp + expose: + - 9001 restart: unless-stopped volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/minio/data:/data + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/minio/data:/bitnami/minio/data #networks: # - proxy #labels: diff --git a/examples/mirotalk/docker-compose.yml b/examples/mirotalk/docker-compose.yml index 0251f17..3297f06 100644 --- a/examples/mirotalk/docker-compose.yml +++ b/examples/mirotalk/docker-compose.yml 
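Review bot: In examples/minio/docker-compose.yml the data mount target changes from `/data` to `/bitnami/minio/data` with no hint about host-directory ownership or about what happens to data written under the old layout. The Bitnami image runs as a non-root user (UID 1001 by default; worth confirming for the `2024` tag), so a root-owned `${DOCKER_VOLUME_STORAGE}/minio/data` would leave MinIO unable to write. A comment such as `# host directory must be writable by UID 1001` on the volume line would cover it. `bitnami/minio:2024` is also a moving tag, so the pulled image can change under the same compose file.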
@@ -1,16 +1,17 @@ -version: '3.7' - services: + mirotalk: image: mirotalk/p2p:latest - restart: unless-stopped container_name: mirotalk hostname: mirotalk + restart: unless-stopped ports: # use a reverse proxy with SSL/TLS support # otherwise webrtc won't work with plaintext http after Chrome 47+ # see https://stackoverflow.com/questions/52759992/how-to-access-camera-and-microphone-in-chrome-without-https/58449078#58449078 - - 3000:3000 # WEB UI; + - 3000:3000 # WEB UI + expose: + - 3000 volumes: - .env:/src/.env:ro #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mirotalk/app:/src/app:ro # only necessary if you want to adjust the code itself (js, css, etc.) diff --git a/examples/money-balancer/docker-compose.yml b/examples/money-balancer/docker-compose.yml index d40a373..efe3129 100644 --- a/examples/money-balancer/docker-compose.yml +++ b/examples/money-balancer/docker-compose.yml @@ -1,11 +1,13 @@ -version: "3" services: + money-balancer: image: ghcr.io/dorianim/money-balancer - restart: unless-stopped container_name: money-balancer + restart: unless-stopped ports: - 8000:8000 + expose: + - 8000 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/money-balancer/data:/data environment: diff --git a/examples/monkeytype/docker-compose.yml b/examples/monkeytype/docker-compose.yml index ca1ee87..c627dea 100644 --- a/examples/monkeytype/docker-compose.yml +++ b/examples/monkeytype/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.3' - services: + monkeytype: image: themythologist/monkeytype:frontend-latest container_name: monkeytype @@ -8,6 +7,8 @@ services: restart: unless-stopped ports: - 5000:5000/tcp + expose: + - 5000 #networks: # - proxy #labels: diff --git a/examples/n8n/.env b/examples/n8n/.env index 733d9dc..d0128c5 100644 --- a/examples/n8n/.env +++ b/examples/n8n/.env 
@@ -1,6 +1,22 @@ +## database settings POSTGRES_USER=postgres POSTGRES_PASSWORD=MySecureRootDbUserPassword POSTGRES_DB=n8n - POSTGRES_NON_ROOT_USER=n8n POSTGRES_NON_ROOT_PASSWORD=MySecureDatabaseUserPassword + +## application settings +N8N_NODE_ENV=production +N8N_TZ=Europe/Berlin + +## tls proxy settings +N8N_HOST=n8n.example.com +N8N_PROTOCOL=http +N8N_WEBHOOK_URL=https://n8n.example.com/ + +## npm extra options +# this will install additional npm packages during container start +EXTRA_NODE_MODULES=lodash + +# this will whitelist additional npm packages +NODE_FUNCTION_ALLOW_EXTERNAL=lodash \ No newline at end of file diff --git a/examples/n8n/README.md b/examples/n8n/README.md index 4078d66..008c925 100644 --- a/examples/n8n/README.md +++ b/examples/n8n/README.md @@ -1,7 +1,7 @@ # References - https://github.com/n8n-io/n8n -- https://github.com/n8n-io/n8n/tree/master/docker/compose/withPostgres +- https://github.com/n8n-io/n8n-hosting/tree/main/docker-compose/withPostgres # Notes 
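Review bot: `EXTRA_NODE_MODULES=lodash` and `NODE_FUNCTION_ALLOW_EXTERNAL=lodash` in examples/n8n/.env ship as active defaults, so by the file's own comments every container start installs an unpinned package from the npm registry and whitelists it for workflow code. For an example that others copy, I would ship both lines commented out and, if the install mechanism accepts version specifiers, show a pinned package. Whether the `n8nio/n8n` image acts on `EXTRA_NODE_MODULES` at all is not visible in this commit and should be confirmed.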
@@ -11,35 +11,21 @@ Please follow these steps to do so: ```` # create new directory for database -mkdir -p /mnt/docker-volumes/n8n +mkdir -p /mnt/docker-volumes/n8n/storage # move the init file from this repo to the new location mv init-database.sh /mnt/docker-volumes/n8n/. -# optional; adjust permissions -sudo chmod -R 777 /mnt/docker-volumes/n8n/ +# fix permissions +sudo chown -R 0:1000 /mnt/docker-volumes/n8n/ +sudo chmod -R 775 /mnt/docker-volumes/n8n/ + +# adjust environment variables +nano .env ```` -Afterwards, you can proceed spawning up the docker compose stack with: +Afterwards, you can proceed spawning up the docker compose stack: ```` -docker compose up +docker compose up -d ```` - -> [!WARNING] -> Upon starting the stack you may see n8n errors regarding permissions: -> -> ```` -> [EACCES] Error Plugin: n8n: EACCES: permission denied, open '/home/node/.n8n/config' -> ```` -> -> You can fix those my running: -> ```` -> sudo chmod -R 777 /mnt/docker-volumes/n8n/database -> ```` -> -> and restarting the stack: -> -> ```` -> docker compose up --force-recreate -> ```` diff --git a/examples/n8n/docker-compose.yml b/examples/n8n/docker-compose.yml index 74d978d..45c2200 100644 --- a/examples/n8n/docker-compose.yml +++ b/examples/n8n/docker-compose.yml @@ -1,11 +1,11 @@ -version: '3.8' - services: n8n-db: - image: postgres:11-alpine + image: postgres:16-alpine container_name: n8n-db restart: unless-stopped + expose: + - 5432 environment: - POSTGRES_USER - POSTGRES_PASSWORD @@ -19,7 +19,9 @@ services: test: ['CMD-SHELL', 'pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}'] interval: 5s timeout: 5s - retries: 10 + retries: 10 + #networks: + # - n8n-internal n8n: image: n8nio/n8n 
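Review bot: Changing `image: postgres:11-alpine` to `postgres:16-alpine` in the n8n-db hunk is a major-version jump that PostgreSQL does not perform in place; a data directory initialised by version 11 is rejected at startup by a version 16 server. Anyone applying this example over an existing deployment needs a dump and restore (or `pg_upgrade`) first, so I would add a comment beside the image line such as `# major upgrade: dump/restore an existing database before switching tags`. The same applies to the other PostgreSQL tag bumps in this commit (paperless-ngx, papermerge, plausible, raveberry). The MariaDB bumps to `11.5` (passbolt, projectsend, seafile) deserve a similar upgrade note. The n8n-db volume definition lies outside the hunk, so the persistent bind mount is assumed from the README steps.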
@@ -27,24 +29,47 @@ services: hostname: n8n restart: unless-stopped environment: + # database settings - DB_TYPE=postgresdb - DB_POSTGRESDB_HOST=n8n-db - DB_POSTGRESDB_DATABASE=${POSTGRES_DB} - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER} - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD} + # application settings + - NODE_ENV=${N8N_NODE_ENV} + - GENERIC_TIMEZONE=${N8N_TZ} + # tls proxy settings + - N8N_HOST=${N8N_HOST} + - N8N_PROTOCOL=${N8N_PROTOCOL} + - WEBHOOK_URL=${N8N_WEBHOOK_URL} + # npm extra options + - EXTRA_NODE_MODULES=${N8N_EXTRA_NODE_MODULES} + - NODE_FUNCTION_ALLOW_EXTERNAL=${N8N_NODE_FUNCTION_ALLOW_EXTERNAL} ports: - 5678:5678 + expose: + - 5678 links: - n8n-db volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/n8n/storage:/home/node/.n8n + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/n8n/files:/files depends_on: n8n-db: condition: service_healthy + #networks: + # - proxy + # - n8n-internal #labels: # - traefik.enable=true + # - traefik.docker.network=proxy # - traefik.http.routers.n8n.rule=Host(`n8n.example.com`) # - traefik.http.services.n8n.loadbalancer.server.port=5678 - # - traefik.docker.network=proxy # # Part for optional traefik middlewares # - traefik.http.routers.n8n.middlewares=local-ipwhitelist@file,basic-auth@file + +#networks: +# proxy: +# external: true +# n8n-internal: +# internal: true diff --git a/examples/n8n/init-database.sh b/examples/n8n/init-database.sh index c35d592..f98a972 100644 --- a/examples/n8n/init-database.sh +++ b/examples/n8n/init-database.sh 
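Review bot: The new entries `EXTRA_NODE_MODULES=${N8N_EXTRA_NODE_MODULES}` and `NODE_FUNCTION_ALLOW_EXTERNAL=${N8N_NODE_FUNCTION_ALLOW_EXTERNAL}` interpolate variables that the `.env` added in this commit never defines; it sets `EXTRA_NODE_MODULES=lodash` and `NODE_FUNCTION_ALLOW_EXTERNAL=lodash` without the `N8N_` prefix. Compose substitutes empty strings for the missing names, so the package allow-list documented in `.env` silently has no effect. Rename the `.env` keys to `N8N_EXTRA_NODE_MODULES` and `N8N_NODE_FUNCTION_ALLOW_EXTERNAL` to match the other `N8N_*` settings, or reference the unprefixed names here. Because the `.env` comments describe these options as installing and whitelisting npm packages at container start, an empty default with a commented example would be the safer template.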
@@ -3,10 +3,11 @@ set -e; if [ -n "${POSTGRES_NON_ROOT_USER:-}" ] && [ -n "${POSTGRES_NON_ROOT_PASSWORD:-}" ]; then - psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL - CREATE USER ${POSTGRES_NON_ROOT_USER} WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}'; - GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_NON_ROOT_USER}; - EOSQL -else - echo "SETUP INFO: No Environment variables given!" -fi + psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + CREATE USER ${POSTGRES_NON_ROOT_USER} WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}'; + GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_NON_ROOT_USER}; + GRANT CREATE ON SCHEMA public TO ${POSTGRES_NON_ROOT_USER}; + EOSQL +else + echo "SETUP INFO: No Environment variables given!" +fi diff --git a/examples/nessus/docker-compose.yml b/examples/nessus/docker-compose.yml index f180b24..013eef8 100644 --- a/examples/nessus/docker-compose.yml +++ b/examples/nessus/docker-compose.yml @@ -1,11 +1,13 @@ -version: "3.7" services: + nessus: - hostname: nessus - container_name: nessus image: tenableofficial/nessus:latest + container_name: nessus + hostname: nessus ports: - 8834:8834/tcp # WEB UI + expose: + - 8834 environment: - ACTIVATION_CODE=XXX-XXXXX-XXXXX-XXXX # change this - USERNAME=nessus diff --git a/examples/network-multitool/docker-compose.yml b/examples/network-multitool/docker-compose.yml index d2ca64f..1930275 100644 --- a/examples/network-multitool/docker-compose.yml +++ b/examples/network-multitool/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3" - services: + network-multitool: image: wbitt/network-multitool:alpine-extra container_name: network-multitool diff --git a/examples/nextcloud/docker-compose-mariadb-redis.yml b/examples/nextcloud/docker-compose-mariadb-redis.yml index 58ce30b..dd615f8 100644 --- a/examples/nextcloud/docker-compose-mariadb-redis.yml +++ b/examples/nextcloud/docker-compose-mariadb-redis.yml 
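Review bot: The re-indented `CREATE USER ... WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}'` line is still assembled by shell expansion inside the unquoted heredoc, so a password containing a single quote breaks the statement or alters the SQL that runs as the superuser. The new `GRANT CREATE ON SCHEMA public` line inherits the same unquoted user name. Passing the values as psql variables keeps them as data: add `-v nr_user="$POSTGRES_NON_ROOT_USER" -v nr_pass="$POSTGRES_NON_ROOT_PASSWORD"` to the `psql` call, then write `CREATE USER :"nr_user" WITH PASSWORD :'nr_pass';` and `GRANT CREATE ON SCHEMA public TO :"nr_user";` (the variable names are illustrative). The script's first two lines are outside the hunk.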
@@ -6,6 +6,8 @@ services: hostname: nextcloud-db command: --transaction-isolation=READ-COMMITTED --innodb_read_only_compressed=OFF restart: unless-stopped + expose: + - 3306 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nextcloud/database:/var/lib/mysql environment: diff --git a/examples/nextcloud/docker-compose-sqlite.yml b/examples/nextcloud/docker-compose-sqlite.yml index 0f3784d..2586077 100644 --- a/examples/nextcloud/docker-compose-sqlite.yml +++ b/examples/nextcloud/docker-compose-sqlite.yml @@ -1,4 +1,5 @@ services: + nextcloud: image: linuxserver/nextcloud:latest container_name: nextcloud diff --git a/examples/nginx-php/docker-compose.yml b/examples/nginx-php/docker-compose.yml index 97826e4..b97de14 100644 --- a/examples/nginx-php/docker-compose.yml +++ b/examples/nginx-php/docker-compose.yml 
@@ -1,34 +1,35 @@ -version: "3" - services: + web: image: nginx:stable-alpine + container_name: nginx hostname: nginx volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/www-data:/var/www # place your files for web here - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/nginx-conf:/etc/nginx/conf.d # place provided nginx.conf here - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/logs:/var/log/nginx - container_name: nginx restart: unless-stopped ports: - 8080:80 + expose: + - 80 #networks: # - proxy #labels: # - traefik.enable=true + # - traefik.docker.network=proxy # - traefik.http.routers.nginx.rule=Host(`nginx.example.com`) # - traefik.http.services.nginx.loadbalancer.server.port=80 - # - traefik.docker.network=proxy - # # Part for local lan services only + # # Optional part for traefik middlewares # #- traefik.http.routers.nginx.middlewares=error-pages-middleware@docker php: image: php:8-fpm-alpine + container_name: php hostname: php volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/www-data:/var/www # must be same path to www-data as above #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/php/custom-php.ini:/usr/local/etc/php/conf.d/php.ini:ro - container_name: php restart: unless-stopped working_dir: /var/www expose: diff --git a/examples/nginx-proxy-manager-goaccess/docker-compose.yml b/examples/nginx-proxy-manager-goaccess/docker-compose.yml index ffc1272..be47deb 100644 --- a/examples/nginx-proxy-manager-goaccess/docker-compose.yml +++ b/examples/nginx-proxy-manager-goaccess/docker-compose.yml 
@@ -1,17 +1,20 @@ -version: "3" - services: + goaccess: image: xavierh/goaccess-for-nginxproxymanager:latest container_name: goaccess restart: always + ports: + - '7880:7880' + expose: + - 7880 volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx-proxy-manager/data/logs:/opt/log:ro + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx-proxy-manager/data/logs:/opt/log:ro environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Berlin - - SKIP_ARCHIVED_LOGS=False #optional - - BASIC_AUTH=False #optional - - BASIC_AUTH_USERNAME=user #optional - - BASIC_AUTH_PASSWORD=pass #optional \ No newline at end of file + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - SKIP_ARCHIVED_LOGS=False #optional + - BASIC_AUTH=False #optional + - BASIC_AUTH_USERNAME=user #optional + - BASIC_AUTH_PASSWORD=pass #optional \ No newline at end of file diff --git a/examples/nginx-proxy-manager/docker-compose.yml b/examples/nginx-proxy-manager/docker-compose.yml index 628e944..41e9cb8 100644 --- a/examples/nginx-proxy-manager/docker-compose.yml +++ b/examples/nginx-proxy-manager/docker-compose.yml @@ -1,20 +1,21 @@ -version: "3" - services: + npm: + image: jc21/nginx-proxy-manager:latest container_name: npm + hostname: npm environment: - TZ=Europe/Berlin - PUID=1000 # see https://nginxproxymanager.com/advanced-config/ - PGID=1000 # see https://nginxproxymanager.com/advanced-config/ - hostname: npm - #networks: - # - npm_proxy - image: jc21/nginx-proxy-manager:latest ports: - 80:80/tcp # HTTP - 443:443/tcp # HTTPS - 81:81/tcp # MGMT UI, do not expose publicly + expose: + - 80 + - 443 + - 81 restart: unless-stopped healthcheck: test: ["CMD", "/bin/check-health"] @@ -23,6 +24,8 @@ services: volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx-proxy-manager/data:/data - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx-proxy-manager/letsencrypt:/etc/letsencrypt + #networks: + # - npm_proxy #networks: # npm_proxy: 
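Review bot: The goaccess hunk adds the host mapping `'7880:7880'` while the environment block keeps `BASIC_AUTH=False`, so the dashboard built from the proxy's access logs becomes reachable on every host interface without a login. I would bind it to loopback with `- '127.0.0.1:7880:7880'`, or leave it unpublished and route it through the proxy. The template should also enable basic auth with credentials that must be changed, instead of shipping `user` and `pass`. The raveberry hunk makes a similar exposure change by turning the previously commented-out `9870:80` mapping into a published one.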
diff --git a/examples/nitter/docker-compose.yml b/examples/nitter/docker-compose.yml index c457645..1e46a00 100644 --- a/examples/nitter/docker-compose.yml +++ b/examples/nitter/docker-compose.yml @@ -5,6 +5,8 @@ services: container_name: nitter ports: - "8080:8080" + expose: + - 8080 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nitter/nitter.conf:/src/nitter.conf:ro depends_on: @@ -17,7 +19,7 @@ services: retries: 2 nitter-redis: - image: redis:6-alpine + image: redis:7-alpine container_name: nitter-redis command: redis-server --save 60 1 --loglevel warning volumes: diff --git a/examples/obsidian-remote/docker-compose.yml b/examples/obsidian-remote/docker-compose.yml index 875e407..036a0ad 100644 --- a/examples/obsidian-remote/docker-compose.yml +++ b/examples/obsidian-remote/docker-compose.yml @@ -1,5 +1,5 @@ -version: '3.8' services: + obsidian: image: 'ghcr.io/sytone/obsidian-remote:latest' container_name: obsidian-remote @@ -8,6 +8,10 @@ services: - 8080:8080 # Obsidian Web Interface #- 27123:27123 # Local REST API Plugin HTTP Server Port #- 27124:27124 # Local REST API Plugin HTTPS Server Port + expose: + - 8080 + - 27123 + - 27124 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/obsidian-remote/vaults:/vaults # The location on the host for your Obsidian Vaults - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/obsidian-remote/config:/config # The location to store Obsidan configuration and ssh data for obsidian-git diff --git a/examples/ombi/docker-compose.yml b/examples/ombi/docker-compose.yml index b894492..f572245 100644 --- a/examples/ombi/docker-compose.yml +++ b/examples/ombi/docker-compose.yml @@ -1,5 +1,5 @@ -version: "2.1" services: + ombi: image: lscr.io/linuxserver/ombi:latest container_name: ombi @@ -12,4 +12,6 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ombi/config:/config ports: - 3579:3579 + expose: + - 3579 restart: unless-stopped \ No newline at end of file 
diff --git a/examples/onedev/docker-compose.yml b/examples/onedev/docker-compose.yml index 66da7a5..a796af5 100644 --- a/examples/onedev/docker-compose.yml +++ b/examples/onedev/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.3' - services: + onedev: image: 1dev/server:latest container_name: onedev @@ -8,6 +7,8 @@ services: restart: unless-stopped ports: - 6610:6610/tcp + expose: + - 6610 volumes: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro diff --git a/examples/opengist/.env b/examples/opengist/.env new file mode 100644 index 0000000..1632c77 --- /dev/null +++ b/examples/opengist/.env @@ -0,0 +1,13 @@ +OG_OIDC_CLIENT_KEY= +OG_OIDC_SECRET= +OG_OIDC_DISCOVERY_URL=https:///.well-known/openid-configuration + +# custom assets; see https://opengist.io/docs/configuration/custom-assets.html +#OG_CUSTOM_LOGO=logo.png +#OG_CUSTOM_FAVICON=logo.png + +# custom links; see https://opengist.io/docs/configuration/custom-links.html +#OG_CUSTOM_STATIC_LINK_0_NAME="Legal Notices" +#OG_CUSTOM_STATIC_LINK_0_PATH=legal.html +#OG_CUSTOM_STATIC_LINK_1_NAME=Gitea +#OG_CUSTOM_STATIC_LINK_1_PATH=https://gitea.com diff --git a/examples/opengist/README.md b/examples/opengist/README.md new file mode 100644 index 0000000..6b995b8 --- /dev/null +++ b/examples/opengist/README.md @@ -0,0 +1,4 @@ +# References + +- https://opengist.io/docs/ +- https://github.com/thomiceli/opengist diff --git a/examples/opengist/docker-compose.yml b/examples/opengist/docker-compose.yml new file mode 100644 index 0000000..eceb0a1 --- /dev/null +++ b/examples/opengist/docker-compose.yml 
@@ -0,0 +1,32 @@ +services: + + opengist: + image: ghcr.io/thomiceli/opengist:1.8 + container_name: opengist + restart: unless-stopped + env_file: + - .env + environment: + - OG_OIDC_CLIENT_KEY=${OG_OIDC_CLIENT_KEY:-mykey} + - OG_OIDC_SECRET=${OG_OIDC_SECRET:-mysecret} + - OG_OIDC_DISCOVERY_URL=${OG_OIDC_DISCOVERY_URL:-https://sso.example.com} + ports: + - 6157:6157 + expose: + - 6157 # http ui + - 2222 # ssh + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/opengist:/opengist + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.opengist.rule=Host(`gist.example.com`) + # - traefik.http.services.opengist.loadbalancer.server.port=6157 + # # Optional part for traefik middlewares + # - traefik.http.routers.opengist.middlewares=local-ipwhitelist@file + +#networks: +# proxy: +# external: true diff --git a/examples/openspeedtest/docker-compose.yml b/examples/openspeedtest/docker-compose.yml index 00e69e5..0bfa566 100644 --- a/examples/openspeedtest/docker-compose.yml +++ b/examples/openspeedtest/docker-compose.yml @@ -1,11 +1,14 @@ -version: "3" services: + openspeedtest: image: openspeedtest/latest:latest container_name: openspeedtest ports: - 3380:3000 # HTTP - 3001:3001 # HTTPS + expose: + - 3000 + - 3001 restart: always #labels: # - traefik.enable=true diff --git a/examples/openvpn/docker-compose.yml b/examples/openvpn/docker-compose.yml index e45400f..4b1d1f5 100644 --- a/examples/openvpn/docker-compose.yml +++ b/examples/openvpn/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.3' - services: + openvpn-as: image: openvpn/openvpn-as container_name: openvpn-as diff --git a/examples/overleaf/docker-compose.yml b/examples/overleaf/docker-compose.yml index a6ea3f7..d436311 100644 --- a/examples/overleaf/docker-compose.yml +++ b/examples/overleaf/docker-compose.yml @@ -1,5 +1,5 @@ -version: '2.2' services: + sharelatex: restart: always image: sharelatex/sharelatex 
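Review bot: The `environment:` entries of the new opengist service fall back to `mykey` and `mysecret` through `${OG_OIDC_CLIENT_KEY:-mykey}` and `${OG_OIDC_SECRET:-mysecret}`. The shipped `.env` leaves both keys empty and the `:-` form also applies to empty values, so an unedited deployment appears to be configured with a publicly known OIDC client secret. `env_file: - .env` already passes these variables to the container, so the three `environment:` lines can be dropped. If they stay, use the failing form, e.g. `- OG_OIDC_SECRET=${OG_OIDC_SECRET:?set OG_OIDC_SECRET in .env}`. A short comment that port `2222` is exposed but deliberately not published would also make the SSH exposure explicit.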
@@ -11,6 +11,8 @@ services: condition: service_started ports: - 8888:80 + expose: + - 80 links: - mongo - redis @@ -117,7 +119,7 @@ services: redis: restart: always - image: redis:6.2-alpine + image: redis:7-alpine container_name: sharelatex-redis expose: - 6379 diff --git a/examples/owncloud-ocis/docker-compose.yml b/examples/owncloud-ocis/docker-compose.yml index 241d714..e1af22c 100644 --- a/examples/owncloud-ocis/docker-compose.yml +++ b/examples/owncloud-ocis/docker-compose.yml @@ -1,6 +1,3 @@ ---- -version: "3.7" - services: ocis: diff --git a/examples/pairdrop/docker-compose.yml b/examples/pairdrop/docker-compose.yml index a967311..d812095 100644 --- a/examples/pairdrop/docker-compose.yml +++ b/examples/pairdrop/docker-compose.yml @@ -1,6 +1,5 @@ -version: "2.1" - services: + pairdrop: image: linuxserver/pairdrop:latest container_name: pairdrop @@ -13,6 +12,8 @@ services: - WS_FALLBACK=false #optional ports: - 3215:3000 + expose: + - 3000 restart: unless-stopped #networks: # - proxy diff --git a/examples/paperless-ngx/docker-compose-deprecated.yml b/examples/paperless-ngx/docker-compose-deprecated.yml deleted file mode 100644 index 4e58a79..0000000 --- a/examples/paperless-ngx/docker-compose-deprecated.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -version: "2.1" -services: - paperless-ngx: - image: lscr.io/linuxserver/paperless-ngx:latest - container_name: paperless-ngx - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Berlin - #- PAPERLESS_URL=https://docs.example.com # uncomment and adjust if behind reverse proxy - #- REDIS_URL= #optional - volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/config:/config - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/data:/data - ports: - - 8000:8000 - restart: unless-stopped - #labels: - # - traefik.enable=true - # - traefik.http.routers.paperless-ngx.rule=Host(`docs.example.com`) - # - traefik.http.services.paperless-ngx.loadbalancer.server.port=8000 - # - traefik.docker.network=proxy - # # Part for optional traefik middlewares - # - traefik.http.routers.paperless-ngx.middlewares=local-ipwhitelist@file diff --git a/examples/paperless-ngx/docker-compose.yml b/examples/paperless-ngx/docker-compose.yml index 242db67..5efe90f 100644 --- a/examples/paperless-ngx/docker-compose.yml +++ b/examples/paperless-ngx/docker-compose.yml @@ -1,17 +1,16 @@ -version: "3.4" - services: + broker: - image: docker.io/library/redis:7 + image: docker.io/library/redis:7-alpine container_name: paperless-ngx-redis restart: unless-stopped volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/redis:/data #networks: - # - proxy + # - proxy db: - image: docker.io/library/postgres:13 + image: docker.io/library/postgres:16-alpine container_name: paperless-ngx-db restart: unless-stopped volumes: @@ -21,7 +20,7 @@ services: POSTGRES_USER: paperless POSTGRES_PASSWORD: paperless #networks: - # - proxy + # - proxy webserver: image: ghcr.io/paperless-ngx/paperless-ngx:latest @@ -32,6 +31,8 @@ services: - broker ports: - "8910:8000" + expose: + - 8000 healthcheck: test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"] interval: 30s 
diff --git a/examples/papermerge/docker-compose-deprecated.yml b/examples/papermerge/docker-compose-deprecated.yml deleted file mode 100644 index 2aaa9e0..0000000 --- a/examples/papermerge/docker-compose-deprecated.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: "3" - -services: - papermerge: - container_name: papermerge - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Berlin - hostname: papermerge - image: linuxserver/papermerge:latest - restart: unless-stopped - volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/importer_dir:/mnt/media/importer_dir - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/config:/config - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/data:/data diff --git a/examples/papermerge/docker-compose.yml b/examples/papermerge/docker-compose.yml index 39b36ec..edb6817 100644 --- a/examples/papermerge/docker-compose.yml +++ b/examples/papermerge/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3.7' - services: app: @@ -39,7 +37,7 @@ services: # - traefik.http.routers.papermerge.middlewares=local-ipwhitelist@file,authelia@docker db: - image: postgres:12.3-alpine + image: postgres:16-alpine container_name: papermerge-db restart: unless-stopped expose: @@ -54,8 +52,8 @@ services: # - proxy redis: + image: redis:6-alpine container_name: papermerge-redis - image: redis:6-alpine restart: unless-stopped expose: - 6379 diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml index 64f6c92..c7bb71a 100644 --- a/examples/passbolt/docker-compose.yml +++ b/examples/passbolt/docker-compose.yml @@ -1,11 +1,12 @@ -version: '3.9' - services: + db: - image: mariadb:10.3 + image: mariadb:11.5 container_name: passbolt-db hostname: passbolt-db restart: unless-stopped + expose: + - 3306 environment: MYSQL_RANDOM_ROOT_PASSWORD: "true" MYSQL_DATABASE: "passbolt" 
@@ -43,3 +44,8 @@ services: - 8432:443 # HTTPS # - 8543:8080 # alternative port mappings if rootless image is used # - 8432:4433 # alternative port mappings if rootless image is used + expose: + - 80 + - 443 + - 8080 + - 4433 diff --git a/examples/photoprism/docker-compose.yml b/examples/photoprism/docker-compose.yml index 26ce668..ce0873d 100644 --- a/examples/photoprism/docker-compose.yml +++ b/examples/photoprism/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3" - services: + photoprism: image: photoprism/photoprism:latest container_name: photoprism @@ -16,6 +15,8 @@ services: - PHOTOPRISM_DATABASE_DRIVER=sqlite ports: - 2342:2342 + expose: + - 2342 restart: unless-stopped volumes: - /path/to/my/locally/stored/media/files:/photoprism/originals diff --git a/examples/pi-hole/docker-compose.yml b/examples/pi-hole/docker-compose.yml index 5d9c83e..2d15c8b 100644 --- a/examples/pi-hole/docker-compose.yml +++ b/examples/pi-hole/docker-compose.yml @@ -1,10 +1,9 @@ -version: "3" - -# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ services: + pihole: container_name: pihole image: pihole/pihole:latest + restart: unless-stopped # For DHCP it is recommended to remove these ports and instead add: network_mode: "host" ports: - "53:53/tcp" # DNS TCP @@ -14,14 +13,11 @@ services: environment: TZ: 'Europe/Berlin' WEBPASSWORD: 'MySecureLoginPasswordForWebApp' - # Volumes store your data between container upgrades volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/pihole/data:/etc/pihole - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/pihole/dnsmasq:/etc/dnsmasq.d - # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities - cap_add: - - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed - restart: unless-stopped + #cap_add: + # - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed #networks: # - proxy #labels: 
diff --git a/examples/plausible/docker-compose.yml b/examples/plausible/docker-compose.yml index 79a2c42..dd8c029 100644 --- a/examples/plausible/docker-compose.yml +++ b/examples/plausible/docker-compose.yml @@ -1,15 +1,11 @@ -version: "3.3" services: - #mail: - # image: bytemark/smtp - # restart: always - # container_name: plausible-smtp plausible_db: - # supported versions are 12, 13, and 14 - image: postgres:14-alpine + image: postgres:16-alpine container_name: plausible-db - restart: always + restart: always + expose: + - 5432 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/plausible/database/:/var/lib/postgresql/data environment: @@ -18,8 +14,8 @@ services: # - proxy plausible_events_db: + image: clickhouse/clickhouse-server:24.3.3.102-alpine container_name: plausible-events-db - image: clickhouse/clickhouse-server:24.3.3.102-alpine restart: always environment: - CLICKHOUSE_UID=1000 @@ -36,16 +32,17 @@ services: # - proxy plausible: + image: ghcr.io/plausible/community-edition:v2.1 container_name: plausible - image: ghcr.io/plausible/community-edition:v2.1.1 restart: always command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run" depends_on: - plausible_db - plausible_events_db - # - mail ports: - 8000:8000 # WEB UI + expose: + - 8000 env_file: - .env #networks: diff --git a/examples/plex/docker-compose.yml b/examples/plex/docker-compose.yml index 527471e..a220533 100644 --- a/examples/plex/docker-compose.yml +++ b/examples/plex/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.3' - services: + pms-docker: image: plexinc/pms-docker container_name: plex @@ -14,3 +13,5 @@ services: restart: unless-stopped ports: - '32400:32400' + expose: + - 32400 diff --git a/examples/portainer/docker-compose.yml b/examples/portainer/docker-compose.yml index de898bd..8efcc10 100644 --- a/examples/portainer/docker-compose.yml +++ b/examples/portainer/docker-compose.yml 
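Review bot: The plausible_db hunk moves to `postgres:16-alpine` and deletes the comment `# supported versions are 12, 13, and 14`, so the example now runs a database version outside the range the file itself documented, with nothing stating what the application supports. If version 16 has been verified against `community-edition:v2.1`, record that in a comment such as `# verified with plausible community-edition v2.1`; otherwise keep a documented version. In the same file the application tag is loosened from `v2.1.1` to `v2.1`, presumably a floating tag, which lets patch releases change underneath the `db migrate` step in the startup command. Keeping the full tag makes each upgrade an explicit edit.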
@@ -1,9 +1,8 @@ -version: '3' - services: + portainer: - image: portainer/portainer-ee:2.21.0-alpine # or use community edition via portainer/portainer-ce - container_name: portainer-ee # may rename to portainer-ce if community edition is used + image: portainer/portainer-ce:2.23.0-alpine # or portainer-ee for enterprise edition + container_name: portainer-ce # or portainer-ee for enterprise edition restart: unless-stopped volumes: - /etc/localtime:/etc/localtime:ro diff --git a/examples/posio/docker-compose.yml b/examples/posio/docker-compose.yml index fdc8abf..d079159 100644 --- a/examples/posio/docker-compose.yml +++ b/examples/posio/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.3' - services: + posio: image: l4rm4nd/posio:latest container_name: posio diff --git a/examples/privatebin/docker-compose.yml b/examples/privatebin/docker-compose.yml index 01707e6..4b1b9ef 100644 --- a/examples/privatebin/docker-compose.yml +++ b/examples/privatebin/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3.7" - services: + privatebin: hostname: privatebin container_name: privatebin @@ -8,6 +7,8 @@ services: read_only: true # not in compose 3.0 documentation but appears supported based ports: - 8080:8080 + expose: + - 8080 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/privatebin/data:/srv/data # volume for persisted data pastes - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/privatebin/configs/config.php:/srv/cfg/conf.php:ro # volume for custom privatebin config; please place the config.php file here diff --git a/examples/projectsend/docker-compose.yml b/examples/projectsend/docker-compose.yml index 9ce6de6..d58b261 100644 --- a/examples/projectsend/docker-compose.yml +++ b/examples/projectsend/docker-compose.yml @@ -1,5 +1,5 @@ -version: "2.1" services: + projectsend: image: lscr.io/linuxserver/projectsend:latest container_name: projectsend 
@@ -13,15 +13,19 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/projectsend/data:/data ports: - 8080:80 # WEB UI + expose: + - 80 restart: unless-stopped depends_on: - database database: - image: mariadb:10.5 + image: mariadb:11.5 container_name: projectsend-db command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: unless-stopped + expose: + - 3306 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/projectsend/database:/var/lib/mysql environment: diff --git a/examples/prowlarr/docker-compose.yml b/examples/prowlarr/docker-compose.yml index 2796542..cea8bf3 100644 --- a/examples/prowlarr/docker-compose.yml +++ b/examples/prowlarr/docker-compose.yml @@ -1,6 +1,5 @@ -version: "2.1" - services: + prowlarr: image: lscr.io/linuxserver/prowlarr:latest container_name: prowlarr @@ -12,4 +11,6 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/prowlarr/config:/config ports: - 9696:9696 + expose: + - 9696 restart: unless-stopped diff --git a/examples/pwndrop/docker-compose.yml b/examples/pwndrop/docker-compose.yml index a46c0ef..2ec7648 100644 --- a/examples/pwndrop/docker-compose.yml +++ b/examples/pwndrop/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3" - services: + pwndrop: image: linuxserver/pwndrop:latest container_name: pwndrop diff --git a/examples/radarr/docker-compose.yml b/examples/radarr/docker-compose.yml index 01bbbed..702fc4e 100644 --- a/examples/radarr/docker-compose.yml +++ b/examples/radarr/docker-compose.yml @@ -1,6 +1,5 @@ -version: "2.1" - services: + radarr: image: lscr.io/linuxserver/radarr:latest container_name: radarr @@ -14,4 +13,6 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/radarr/downloads:/downloads # Should be the same as the download client's folder ports: - 7878:7878 + expose: + - 7878 restart: unless-stopped diff --git a/examples/raveberry/docker-compose.yml b/examples/raveberry/docker-compose.yml index a74c4bb..e684326 100644 --- a/examples/raveberry/docker-compose.yml 
+++ b/examples/raveberry/docker-compose.yml @@ -1,8 +1,7 @@ -version: '3' - services: + db: - image: postgres:13 + image: postgres:16-alpine container_name: raveberry-db environment: - POSTGRES_DB=raveberry @@ -15,7 +14,7 @@ services: # - proxy redis: - image: redis + image: redis:7-alpine container_name: raveberry-redis restart: unless-stopped #networks: @@ -144,8 +143,10 @@ services: nginx: image: raveberry/raveberry-nginx container_name: raveberry-nginx - #ports: - # - 9870:80 + ports: + - 9870:80 + expose: + - 80 environment: - DAPHNE_HOST - DAPHNE_PORT diff --git a/examples/requestbin/docker-compose.yml b/examples/requestbin/docker-compose.yml index df4743c..ed28cb8 100644 --- a/examples/requestbin/docker-compose.yml +++ b/examples/requestbin/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3.3" - services: + app: image: l4rm4nd/requestbin:latest hostname: requestbin @@ -27,8 +26,8 @@ services: redis: image: redis:alpine - hostname: redis container_name: requestbin_redis + hostname: redis restart: unless-stopped #volumes: # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/requestbin/redis:/data diff --git a/examples/rocketchat/docker-compose.yml b/examples/rocketchat/docker-compose.yml index d83017a..80ac477 100644 --- a/examples/rocketchat/docker-compose.yml +++ b/examples/rocketchat/docker-compose.yml 
@@ -1,24 +1,14 @@ -version: "3.7" - services: + rocketchat: + image: registry.rocket.chat/rocketchat/rocket.chat:latest container_name: rocketchat hostname: rocketchat - image: registry.rocket.chat/rocketchat/rocket.chat:latest restart: unless-stopped expose: - 3000 ports: - 3000:3000 # web ui - #labels: - # - traefik.enable=true - # - traefik.http.routers.rocketchat.rule=Host(`chat.example.com`) # pls change - # - traefik.http.services.rocketchat.loadbalancer.server.port=3000 - # - traefik.docker.network=proxy - # # Part for local lan services only; disable to expose externally - # - traefik.http.routers.rocketchat.middlewares=local-ipwhitelist@file - #networks: - # - proxy volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/rocketchat/uploads:/app/uploads # only use if you enable filesystem upload in the admin area; see https://docs.rocket.chat/use-rocket.chat/workspace-administration/settings/file-upload#storage-type environment: @@ -34,11 +24,20 @@ services: DEPLOY_PLATFORM: ${DEPLOY_PLATFORM:-linux} depends_on: - mongodb + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.http.routers.rocketchat.rule=Host(`chat.example.com`) # pls change + # - traefik.http.services.rocketchat.loadbalancer.server.port=3000 + # - traefik.docker.network=proxy + # # Part for local lan services only; disable to expose externally + # - traefik.http.routers.rocketchat.middlewares=local-ipwhitelist@file mongodb: + image: docker.io/bitnami/mongodb:${MONGODB_VERSION:-4.4} container_name: rocketchat-db hostname: rocketchat-db - image: docker.io/bitnami/mongodb:${MONGODB_VERSION:-4.4} restart: unless-stopped volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/rocketchat/mongodb:/bitnami/mongodb diff --git a/examples/rxresume/docker-compose-v3.yml b/examples/rxresume/docker-compose-v3.yml index 9d6ee63..c8f1c58 100644 --- a/examples/rxresume/docker-compose-v3.yml +++ b/examples/rxresume/docker-compose-v3.yml 
@@ -1,5 +1,3 @@ -version: "3.8" - # This docker compose example targets rxresume < 4.0 # For a newer version, please see https://github.com/AmruthPillai/Reactive-Resume/tree/main/tools/compose @@ -22,8 +20,9 @@ version: "3.8" # https://github.com/AmruthPillai/Reactive-Resume/issues/721#issuecomment-1405283786 services: + postgres: - image: postgres:alpine + image: postgres:16-alpine container_name: rxresume-db restart: always expose: diff --git a/examples/rxresume/docker-compose-v4.yml b/examples/rxresume/docker-compose-v4.yml index 17520b0..bf53b97 100644 --- a/examples/rxresume/docker-compose-v4.yml +++ b/examples/rxresume/docker-compose-v4.yml @@ -1,6 +1,5 @@ -version: "3.8" - services: + postgres: image: postgres:16-alpine container_name: rx-db diff --git a/examples/scratch-map/README.md b/examples/scratch-map/README.md new file mode 100644 index 0000000..b746a41 --- /dev/null +++ b/examples/scratch-map/README.md @@ -0,0 +1,11 @@ +# References + +- https://github.com/ad3m3r5/scratch-map + +# Notes + +May require you to fix permissions of the bind mount volume: + +```` +sudo chown -R 1000:1000 ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/scratch-map +```` diff --git a/examples/scratch-map/docker-compose.yml b/examples/scratch-map/docker-compose.yml new file mode 100644 index 0000000..3a0dd5a --- /dev/null +++ b/examples/scratch-map/docker-compose.yml 
@@ -0,0 +1,28 @@ +services: + + scratchmap: + image: ad3m3r5/scratch-map:latest + container_name: scratch-map + restart: unless-stopped + ports: + - 8080:8080/tcp # http ui + expose: + - 8080/tcp + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/scratch-map:/data + environment: + - DBLOCATION=/data + - PORT=8080 + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.scratchmap.rule=Host(`earth.example.com`) + # - traefik.http.services.scratchmap.loadbalancer.server.port=8080 + # # Optional part for traefik middlewares + # - traefik.http.routers.scratchmap.middlewares=local-ipwhitelist@file + +#networks: +# proxy: +# external: true diff --git a/examples/seafile/docker-compose.yml b/examples/seafile/docker-compose.yml index 00716fb..4bf4272 100644 --- a/examples/seafile/docker-compose.yml +++ b/examples/seafile/docker-compose.yml @@ -1,8 +1,7 @@ -version: '3.6' - services: + db: - image: mariadb:10.11 + image: mariadb:11.5 container_name: seafile-mysql environment: - MYSQL_ROOT_PASSWORD=db_dev # Requested, set the root's password of MySQL service. @@ -28,6 +27,9 @@ services: ports: - "7780:80" # HTTP - "7443:443" # HTTPS + expose: + - 80 + - 443 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/seafile/data:/shared # Requested, specifies the path to Seafile data persistent store. environment: diff --git a/examples/send/docker-compose.yml b/examples/send/docker-compose.yml index 20d227f..4a8be6b 100644 --- a/examples/send/docker-compose.yml +++ b/examples/send/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3" - services: send: diff --git a/examples/sftpgo/docker-compose.yml b/examples/sftpgo/docker-compose.yml index 204dc4a..639cd2c 100644 --- a/examples/sftpgo/docker-compose.yml +++ b/examples/sftpgo/docker-compose.yml 
@@ -2,13 +2,16 @@ services: sftpgo: image: drakkan/sftpgo:v2-alpine + container_name: sftpgo user: 1000:1000 restart: unless-stopped ports: - 8888:8080 # HTTP - #- 2022:2022" # SFTP - #- 8443:443" # HTTPS - #- 5007:5007 # WEBDAV + expose: + - 8080 # HTTP + - 2022 # SFTP + - 443 # HTTPS + - 5007 # WEBDAV environment: # These are the settings to access your db SFTPGO_WEBDAVD__BINDINGS__0__PORT: 5007 @@ -28,7 +31,10 @@ services: mysql: image: mysql:latest + container_name: sftpgo-db restart: always + expose: + - 3306 environment: MYSQL_DATABASE: sftpgo MYSQL_USER: sftpgo # please change diff --git a/examples/shiori/docker-compose.yml b/examples/shiori/docker-compose.yml index d8b1db1..52e02f0 100644 --- a/examples/shiori/docker-compose.yml +++ b/examples/shiori/docker-compose.yml @@ -1,5 +1,3 @@ -version: "2.1" - services: shiori: diff --git a/examples/snipe-it/docker-compose.yml b/examples/snipe-it/docker-compose.yml index 44270eb..426b2c4 100644 --- a/examples/snipe-it/docker-compose.yml +++ b/examples/snipe-it/docker-compose.yml @@ -1,9 +1,8 @@ ---- -version: "2.1" services: + snipe-it: image: lscr.io/linuxserver/snipe-it:latest - container_name: snipe-it + container_name: snipeit environment: - PUID=1000 - PGID=1000 @@ -18,11 +17,15 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/snipeit/config:/config ports: - 8080:80 + expose: + - 80 restart: unless-stopped mariadb: image: lscr.io/linuxserver/mariadb:latest - container_name: mariadb + container_name: snipeit-mariadb + expose: + - 3306 environment: - PUID=1000 - PGID=1000 diff --git a/examples/sonarr/docker-compose.yml b/examples/sonarr/docker-compose.yml index 9151cbd..a8c7f0f 100644 --- a/examples/sonarr/docker-compose.yml +++ b/examples/sonarr/docker-compose.yml @@ -1,6 +1,5 @@ -version: "2.1" - services: + sonarr: image: lscr.io/linuxserver/sonarr:latest container_name: sonarr 
@@ -14,4 +13,6 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sonarr/downloads:/downloads # Should be the same as the download client's folder ports: - 8989:8989 + expose: + - 8989 restart: unless-stopped diff --git a/examples/speedtest-tracker/docker-compose.yml b/examples/speedtest-tracker/docker-compose.yml index 30fadbb..90ea6b1 100644 --- a/examples/speedtest-tracker/docker-compose.yml +++ b/examples/speedtest-tracker/docker-compose.yml @@ -1,20 +1,23 @@ -version: '3.3' services: - speedtest: - container_name: speedtest - image: henrywhitaker3/speedtest-tracker - ports: - - 8765:80 - volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/speedtest-tracker/config:/config - environment: - - TZ=Europe/Berlin - - PGID=1000 - - PUID=1000 - - OOKLA_EULA_GDPR=true - logging: - driver: "json-file" - options: - max-file: "10" - max-size: "200k" - restart: unless-stopped + + speedtest: + image: henrywhitaker3/speedtest-tracker + container_name: speedtest + hostname: speedtest + restart: unless-stopped + ports: + - 8765:80/tcp + expose: + - 80 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/speedtest-tracker/config:/config + environment: + - TZ=Europe/Berlin + - PGID=1000 + - PUID=1000 + - OOKLA_EULA_GDPR=true + logging: + driver: "json-file" + options: + max-file: "10" + max-size: "200k" \ No newline at end of file diff --git a/examples/stash/docker-compose.yml b/examples/stash/docker-compose.yml index e305b5d..7d0ea19 100644 --- a/examples/stash/docker-compose.yml +++ b/examples/stash/docker-compose.yml @@ -1,7 +1,5 @@ -# APPNICENAME=Stash -version: '3.4' - services: + stash: image: stashapp/stash:latest container_name: stash @@ -10,6 +8,8 @@ services: ## the container's port must be the same with the STASH_PORT in the environment section ports: - "9999:9999" + expose: + - 9999 ## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section # network_mode: host logging: 
@@ -36,10 +36,16 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/stash/cache:/cache ## Where to store generated content (screenshots,previews,transcodes,sprites) - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/stash/generated:/generated + #networks: + # - proxy #labels: # - traefik.enable=true + # - traefik.docker.network=proxy # - traefik.http.routers.stash.rule=Host(`stash.example.com`) # - traefik.http.services.stash.loadbalancer.server.port=9999 - # - traefik.docker.network=proxy # # Part for optional traefik middlewares # - traefik.http.routers.stash.middlewares=local-ipwhitelist@file,basic-auth@file + +#networks: +# proxy: +# external: true \ No newline at end of file diff --git a/examples/syncthing/docker-compose.yml b/examples/syncthing/docker-compose.yml index 9894cfe..c1d493d 100644 --- a/examples/syncthing/docker-compose.yml +++ b/examples/syncthing/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3" - services: + syncthing: image: syncthing/syncthing container_name: syncthing diff --git a/examples/tandoor/docker-compose.yml b/examples/tandoor/docker-compose.yml index 60209d7..002cd16 100644 --- a/examples/tandoor/docker-compose.yml +++ b/examples/tandoor/docker-compose.yml @@ -1,20 +1,24 @@ -version: "3" services: + db_recipes: - restart: always + image: postgres:16-alpine container_name: tandoor_db - image: postgres:11-alpine + restart: always + expose: + - 5432 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/tandoor/postgresql:/var/lib/postgresql/data env_file: - ./.env web_recipes: - restart: always + image: vabene1111/recipes:latest container_name: tandoor_recipes + restart: always ports: - 8080:8080 - image: vabene1111/recipes:latest + expose: + - 8080 env_file: - ./.env volumes: 
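Review bot: In the tandoor hunk, `db_recipes` moves from `postgres:11-alpine` to `postgres:16-alpine` while the bind mount under `tandoor/postgresql` stays the same, and PostgreSQL refuses to start on a data directory initialised by a different major version. Anyone applying this example over an existing deployment needs a dump and restore (or `pg_upgrade`) before switching. A comment above the image line would make that visible, for example `# major upgrade from 11: dump and restore existing data first`. The same applies to the wikijs `db` service later in this commit, which goes from `postgres:13.4-bullseye` to `postgres:16-alpine`.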
@@ -23,10 +27,16 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/tandoor/mediafiles:/opt/recipes/mediafiles depends_on: - db_recipes - labels: - - traefik.enable=true - - traefik.http.routers.tandoor.rule=Host(`tandoor.example.com`) - - traefik.http.services.tandoor.loadbalancer.server.port=8080 - - traefik.docker.network=proxy - # Part for local lan services only - #- traefik.http.routers.tandoor.middlewares=local-ipwhitelist@file + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.http.routers.tandoor.rule=Host(`tandoor.example.com`) + # - traefik.http.services.tandoor.loadbalancer.server.port=8080 + # - traefik.docker.network=proxy + # # Part for local lan services only + # #- traefik.http.routers.tandoor.middlewares=local-ipwhitelist@file + +#networks: +# proxy: +# external: true \ No newline at end of file diff --git a/examples/technitium/docker-compose.yml b/examples/technitium/docker-compose.yml index 3bfb292..39ac5f0 100644 --- a/examples/technitium/docker-compose.yml +++ b/examples/technitium/docker-compose.yml @@ -1,9 +1,9 @@ -version: "3" services: + dns-server: + image: technitium/dns-server:latest container_name: dns-server hostname: dns-server - image: technitium/dns-server:latest # Use "host" network mode for DHCP deployments # network_mode: "host" ports: 
@@ -33,10 +33,16 @@ services: volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/technitium/config:/etc/dns/config restart: unless-stopped - labels: - - traefik.enable=true - - traefik.http.routers.technitium.rule=Host(`technitium.example.com`) - - traefik.http.services.technitium.loadbalancer.server.port=5380 - - traefik.docker.network=proxy - # Part for local lan services only - #- traefik.http.routers.technitium.middlewares=local-ipwhitelist@file + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.technitium.rule=Host(`technitium.example.com`) + # - traefik.http.services.technitium.loadbalancer.server.port=5380 + # # Part for local lan services only + # #- traefik.http.routers.technitium.middlewares=local-ipwhitelist@file + +#networks: +# proxy: +# external: true \ No newline at end of file diff --git a/examples/tor-browser/docker-compose.yml b/examples/tor-browser/docker-compose.yml index 43156bd..1eddbd9 100644 --- a/examples/tor-browser/docker-compose.yml +++ b/examples/tor-browser/docker-compose.yml @@ -1,10 +1,15 @@ services: + torbrowser: image: domistyle/tor-browser:latest + container_name: torbrowser restart: unless-stopped ports: - 5800:5800 # Provides a web interface to access the Tor browser #- 5900:5900 # Provides direct access to the VNC server; optional + expose: + - 5800 + - 5900 environment: #- DISPLAY_WIDTH=1280 # default; optional #- DISPLAY_HEIGHT=768 # default; optional diff --git a/examples/traefik/docker-compose-command-config.yml b/examples/traefik/docker-compose-command-config.yml index bf54014..fe9ad93 100644 --- a/examples/traefik/docker-compose-command-config.yml +++ b/examples/traefik/docker-compose-command-config.yml 
@@ -1,13 +1,12 @@ # This docker compose example configures traefik by command definitions. # This makes the traefik.yml static configuration obsolete. # Note that we still reference a dynamic configuration for best practice - -version: '3.8' - services: + traefik: - image: traefik:2.11 + image: traefik:3.1 container_name: traefik + restart: always command: - --providers.docker=true # enable docker provider - --providers.docker.network=proxy # define default network to monitor for docker provider @@ -52,9 +51,11 @@ services: ports: - 80:80 # http - 443:443 # https - - 127.0.0.1:8080:8080 # traefik api dashboard - networks: - - proxy # define traefik docker network + - 127.0.0.1:8080:8080 # http api dashboard + expose: + - 80 # http + - 443 # https + - 8080 # http api dashboard environment: - TZ=Europe/Berlin # define timezone - CF_DNS_API_TOKEN= # define your cloudflare api token @@ -62,9 +63,10 @@ services: - /var/run/docker.sock:/var/run/docker.sock:ro # pass docker socket as read-only - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik:/etc/traefik/ # bind mount volume for persistent traefik data - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/logs # bind mount volume for persistent traefik logs - restart: always # always restart traefik extra_hosts: - host.docker.internal:172.17.0.1 # define internal ip; helps traefik to resolve containers running in host network mode + networks: + - proxy # define traefik docker network networks: proxy: diff --git a/examples/traefik/docker-compose.yml b/examples/traefik/docker-compose.yml index 9beb945..5cf1c90 100644 --- a/examples/traefik/docker-compose.yml +++ b/examples/traefik/docker-compose.yml 
@@ -1,19 +1,22 @@ -version: '3' services: + traefik: + image: traefik:v3.2 container_name: traefik - image: traefik:v3.1 + restart: always ports: - - 80:80/tcp # HTTP - - 443:443/tcp # HTTPS - - 443:443/udp # HTTPS via HTTP/3 QUIC UDP - - 127.0.0.1:8080:8080 # MGMT WEB UI + - 80:80/tcp # http + - 443:443/tcp # https + - 443:443/udp # https http3 quic + - 127.0.0.1:8080:8080 # http api dashboard + expose: + - 80 # http + - 443 # https + - 8080 # http api dashboard volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # ro = read-only access to the docker.sock - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik:/etc/traefik/ # put the provided traefik.yml and fileConfig.yml files at this location - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/logs - networks: - - proxy environment: - TZ=Europe/Berlin - CF_DNS_API_TOKEN=MyCloudflareApiToken # change this if you use Cloudflare @@ -23,9 +26,10 @@ services: - traefik.http.routers.api.service=api@internal # Enable Traefik API. - traefik.http.routers.api.middlewares=local-ipwhitelist@file,basic-auth@file # protect dashboard with basic auth and restrict access to private class subnets only #- traefik.http.middlewares.basic-auth-global.basicauth.users=admin:$$apr1$$epoKf5li$$QfTMJZOCS/halv3CiIUEu0 # protect the traefik dashboard by basic auth (pw=password) - restart: always extra_hosts: - host.docker.internal:172.17.0.1 + networks: + - proxy networks: proxy: diff --git a/examples/traefik/fileConfig.yml b/examples/traefik/fileConfig.yml index 967ba26..782ca17 100644 --- a/examples/traefik/fileConfig.yml +++ b/examples/traefik/fileConfig.yml 
@@ -91,6 +91,55 @@ http: # - Remote-Name # - Remote-Email + #crowdsec: + # plugin: + # bouncer: + # enabled: true + # defaultDecisionSeconds: 60 + # crowdsecMode: live + # crowdsecAppsecEnabled: false + # crowdsecAppsecHost: crowdsec:7422 + # crowdsecAppsecFailureBlock: true + # crowdsecAppsecUnreachableBlock: true + # crowdsecLapiKey: FIXME-LAPI-KEY # <--- replace this later + # crowdsecLapiHost: crowdsec:8080 + # crowdsecLapiScheme: http + # crowdsecLapiTLSInsecureVerify: false + # forwardedHeadersTrustedIPs: + # # private class ranges + # - 10.0.0.0/8 + # - 172.16.0.0/12 + # - 192.168.0.0/16 + # ## cloudflare ipv4 + # #- 103.21.244.0/22 + # #- 103.22.200.0/22 + # #- 103.31.4.0/22 + # #- 104.16.0.0/13 + # #- 104.24.0.0/14 + # #- 108.162.192.0/18 + # #- 131.0.72.0/22 + # #- 141.101.64.0/18 + # #- 162.158.0.0/15 + # #- 172.64.0.0/13 + # #- 173.245.48.0/20 + # #- 188.114.96.0/20 + # #- 190.93.240.0/20 + # #- 197.234.240.0/22 + # #- 198.41.128.0/17 + # ## cloudflare ipv6 + # #- 2400:cb00::/32 + # #- 2606:4700::/32 + # #- 2803:f800::/32 + # #- 2405:b500::/32 + # #- 2405:8100::/32 + # #- 2a06:98c0::/29 + # #- 2c0f:f248::/32 + # clientTrustedIPs: + # # private class ranges + # - 10.0.0.0/8 + # - 172.16.0.0/12 + # - 192.168.0.0/16 + # rate limiting rate-limit: rateLimit: diff --git a/examples/traefik/traefik.yml b/examples/traefik/traefik.yml index 6017029..2811131 100644 --- a/examples/traefik/traefik.yml +++ b/examples/traefik/traefik.yml @@ -12,6 +12,13 @@ api: log: level: INFO +# crowdsec bouncer +#experimental: +# plugins: +# bouncer: +# moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin +# version: v1.3.5 + #metrics: # influxDB2: # address: http://influxdb2:8086 @@ -29,7 +36,7 @@ accessLog: format: json filters: statusCodes: - # - "200" # log successful http requests + - "200-299" # log successful http requests - "400-599" # log failed http requests #retryAttempts: true #minDuration: "10ms" 
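Review bot: In the commented `crowdsec` middleware, `forwardedHeadersTrustedIPs` and `clientTrustedIPs` both list every RFC 1918 range. As far as the plugin documents these options, the first decides whose forwarded-for header is believed and the second exempts clients from bouncer checks altogether, so once uncommented any host or container with a private address is trusted on both counts. Narrow `forwardedHeadersTrustedIPs` to the address of the proxy that actually sits in front of Traefik, and leave `clientTrustedIPs` empty unless a LAN bypass is intended, with a comment such as `# clientTrustedIPs bypass crowdsec entirely; list only ranges that should`. `crowdsecLapiScheme: http` also sends the LAPI key unencrypted, which is acceptable only while Traefik and CrowdSec share a private Docker network.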
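Review bot: Enabling `"200-299"` under `accessLog.filters.statusCodes` in traefik.yml makes Traefik record every successful request, which helps detection but multiplies log volume and writes request paths for all proxied services to disk. The hunk shows no rotation setting, and the rest of `accessLog` lies outside it, so this is worth confirming: the log directory mounted in the compose examples probably needs an external rotation job. A comment on the line would state the trade-off, for example `# log successful http requests; rotate the access log externally`.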
@@ -102,6 +109,7 @@ entryPoints: middlewares: - security-headers@file # reference to a dynamic middleware for setting http security headers per default - rate-limit@file # reference to a dynamic middleware for enabling rate limiting per default + #- crowdsec@file # reference to a dynamic middleware for enabling crowdsec bouncer providers: providersThrottleDuration: 2s diff --git a/examples/transfer.sh/docker-compose.yml b/examples/transfer.sh/docker-compose.yml index fcdb6b0..81d91e7 100644 --- a/examples/transfer.sh/docker-compose.yml +++ b/examples/transfer.sh/docker-compose.yml @@ -1,6 +1,5 @@ -version: '3.3' - services: + transfer: image: dutchcoders/transfer.sh:latest-noroot container_name: transfer @@ -16,19 +15,19 @@ services: - --provider=local - --basedir=/tmp/ #networks: - # - dev # or use dev for testing purposes + # - proxy #labels: # - traefik.enable=true + # - traefik.docker.network=proxy # - traefik.http.routers.transfer.rule=Host(`transfer.example.com`) # - traefik.http.services.transfer.loadbalancer.server.port=8080 # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads - # - traefik.docker.network=proxy # # Part for optional traefik middlewares # - traefik.http.routers.transfer.middlewares=local-ipwhitelist@file #networks: -# dev: # or use dev for testing purposes +# proxy: # external: true diff --git a/examples/transfer.zip/docker-compose.yml b/examples/transfer.zip/docker-compose.yml index e93b340..7f4295d 100644 --- a/examples/transfer.zip/docker-compose.yml 
+++ b/examples/transfer.zip/docker-compose.yml @@ -1,37 +1,36 @@ -version: '3.3' - services: + web-server: #build: web-server image: l4rm4nd/transferzip:web-server hostname: web-server container_name: transferzip-web restart: unless-stopped + ports: + - 9001:80 expose: - 80 depends_on: - signaling-server - ports: - - 9001:80 #networks: # - proxy #labels: # - traefik.enable=true + # - traefik.docker.network=proxy # - traefik.http.routers.transferzip.rule=Host(`transfer.example.com`) # - traefik.http.services.transferzip.loadbalancer.server.port=80 # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads - # - traefik.docker.network=proxy # # Part for optional traefik middlewares # - traefik.http.routers.transferzip.middlewares=local-ipwhitelist@file,authelia@file,basic-auth@file signaling-server: #build: signaling-server image: l4rm4nd/transferzip:signaling-server - hostname: signaling-server container_name: transferzip-signaling + hostname: signaling-server restart: unless-stopped #networks: # - proxy diff --git a/examples/transmission/docker-compose.yml b/examples/transmission/docker-compose.yml index c7231e5..130e124 100644 --- a/examples/transmission/docker-compose.yml +++ b/examples/transmission/docker-compose.yml @@ -1,9 +1,9 @@ -version: "2.1" - services: + transmission: image: lscr.io/linuxserver/transmission:latest container_name: transmission + restart: unless-stopped environment: - PUID=1000 - PGID=1000 
@@ -16,4 +16,6 @@ services: - 9091:9091 # web ui - 51413:51413 # torrent port tcp - 51413:51413/udp # torrent port udp - restart: unless-stopped + expose: + - 9091 + - 51413 \ No newline at end of file diff --git a/examples/trsync/docker-compose.yml b/examples/trsync/docker-compose.yml index 64d4834..e143d83 100644 --- a/examples/trsync/docker-compose.yml +++ b/examples/trsync/docker-compose.yml @@ -1,10 +1,26 @@ -version: '3.3' services: - trsync: - image: l4rm4nd/trsync:latest - container_name: trsync - ports: - - '8000:8000' - environment: - - SECRET_KEY=ChooseStrongSecretKeyHere # pls change - - DOMAIN=trsync.example.com # your hostname to put in Django's ALLOW_HOSTS + + trsync: + image: l4rm4nd/trsync:latest + container_name: trsync + restart: unless-stopped + ports: + - 8000:8000/tcp + expose: + - 8000 + environment: + - SECRET_KEY=ChooseStrongSecretKeyHere # pls change + - DOMAIN=trsync.example.com # your hostname to put in Django's ALLOW_HOSTS + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.trsync.rule=Host(`trsync.example.com`) + # - traefik.http.services.trsync.loadbalancer.server.port=8000 + # # Optional part for traefik middlewares + # - traefik.http.routers.trsync.middlewares=local-ipwhitelist@file + +#networks: +# proxy: +# external: true diff --git a/examples/unify-network-application/docker-compose.yml b/examples/unify-network-application/docker-compose.yml index 7d62805..ce535cd 100644 --- a/examples/unify-network-application/docker-compose.yml +++ b/examples/unify-network-application/docker-compose.yml @@ -1,6 +1,5 @@ -version: "2.1" - services: + unifi-network-application: image: lscr.io/linuxserver/unifi-network-application:latest container_name: unifi-network-application diff --git a/examples/upsnap/docker-compose.yml b/examples/upsnap/docker-compose.yml index b352c96..1ace8ca 100644 --- a/examples/upsnap/docker-compose.yml +++ b/examples/upsnap/docker-compose.yml 
@@ -1,6 +1,5 @@ -version: "3" - services: + upsnap: image: ghcr.io/seriousm4x/upsnap:3 container_name: upsnap diff --git a/examples/uptime-kuma/docker-compose.yml b/examples/uptime-kuma/docker-compose.yml index a71d2b6..efd25eb 100644 --- a/examples/uptime-kuma/docker-compose.yml +++ b/examples/uptime-kuma/docker-compose.yml @@ -1,10 +1,9 @@ -version: "3.8" - services: + app: + image: louislam/uptime-kuma container_name: uptime-kuma hostname: uptime-kuma - image: louislam/uptime-kuma restart: always ports: - 3001:3001 @@ -19,9 +18,9 @@ services: # - proxy #labels: # - traefik.enable=true + # - traefik.docker.network=proxy # - traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.example.com`) # - traefik.http.services.uptimekuma.loadbalancer.server.port=3001 - # - traefik.docker.network=proxy # # Part for local lan services only # #- traefik.http.routers.uptimekuma.middlewares=local-ipwhitelist@file diff --git a/examples/vaultwarden/docker-compose.yml b/examples/vaultwarden/docker-compose.yml index a958925..3a7eba9 100644 --- a/examples/vaultwarden/docker-compose.yml +++ b/examples/vaultwarden/docker-compose.yml @@ -1,6 +1,5 @@ -version: "3" - services: + vaultwarden: image: vaultwarden/server:latest-alpine container_name: vaultwarden @@ -28,6 +27,11 @@ services: - EXTENDED_LOGGING=true ports: - 8888:80 + expose: + - 80 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/logs:/data/logs #networks: # - proxy #labels: 
@@ -37,13 +41,16 @@ services: # - traefik.http.routers.vaultwarden.rule=Host(`bitwarden.example.com`) # - traefik.http.routers.vaultwarden.service=vaultwarden # - traefik.http.services.vaultwarden.loadbalancer.server.port=80 + ## Block access to the /admin dashboard from public ip ranges # - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/admin`) # - traefik.http.routers.vaultwarden-admin.service=vaultwarden # - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80 - # - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file,authelia@file - volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/logs:/data/logs + # - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file + ## Block access to the /api/version endpoint from public ip ranges + # - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/api/version`) + # - traefik.http.routers.vaultwarden-admin.service=vaultwarden + # - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80 + # - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file # this service will backup your vaultwarden instance correctly # see https://github.com/Bruceforce/vaultwarden-backup for more information @@ -55,15 +62,11 @@ services: init: true depends_on: - vaultwarden - #labels: - # com.centurylinklabs.watchtower.monitor-only: true volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data/ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/backup:/myBackup - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - #networks: - # - proxy environment: - TIMESTAMP=true - DELETE_AFTER=30 
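Review bot: The added `/api/version` block reuses the router name `vaultwarden-admin` for its `rule`, `service` and `middlewares` labels, so once both blocks are uncommented the label keys collide and only one `rule` can take effect. Depending on which one wins, either `/admin` or `/api/version` would fall through to the main `vaultwarden` router without the allow-list. Give the new router its own name, e.g. ``traefik.http.routers.vaultwarden-version.rule=Host(`bitwarden.example.com`) && Path(`/api/version`)``, or fold both paths into one rule with ``(Path(`/admin`) || Path(`/api/version`))``. This hunk also drops `authelia@file` from the admin router's middlewares, leaving the IP allow-list as the only proxy-level control in front of `/admin`. The labels list begins above the hunk.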
@@ -72,6 +75,8 @@ services: - TZ=Europe/Berlin - BACKUP_DIR=/myBackup - CRON_TIME=50 3 * * * # see https://crontab.guru/, define without quotes! + #networks: + # - proxy #networks: # proxy: diff --git a/examples/vouchervault/docker-compose.yml b/examples/vouchervault/docker-compose.yml index 79b7ee3..d79eb99 100644 --- a/examples/vouchervault/docker-compose.yml +++ b/examples/vouchervault/docker-compose.yml @@ -1,7 +1,7 @@ services: vouchervault: - image: l4rm4nd/vouchervault:1.6.x + image: l4rm4nd/vouchervault:1.7.x container_name: vouchervault environment: # your FQDN or IP; used to define ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS @@ -49,8 +49,8 @@ services: # - traefik.http.routers.vouchervault.middlewares=local-ipwhitelist@file redis: + image: redis:7-alpine container_name: vouchervault-redis - image: redis:7.2-alpine restart: unless-stopped #networks: # - proxy diff --git a/examples/watchtower/docker-compose.yml b/examples/watchtower/docker-compose.yml index d4bea0d..8dd634e 100644 --- a/examples/watchtower/docker-compose.yml +++ b/examples/watchtower/docker-compose.yml @@ -1,7 +1,7 @@ -version: "3.9" - services: + watchtower: + image: containrrr/watchtower:latest container_name: watchtower hostname: watchtower environment: @@ -16,12 +16,11 @@ services: #- WATCHTOWER_MONITOR_ONLY=true - WATCHTOWER_SCHEDULE=0 0 6 * * * # requires a go cron syntax of 6 space-separated fields; see https://containrrr.dev/watchtower/arguments/#scheduling - WATCHTOWER_CLEANUP=true # remove unused images afterwards - image: containrrr/watchtower:latest - labels: - com.centurylinklabs.watchtower: true restart: always network_mode: "host" volumes: - /etc/localtime:/etc/localtime:ro - /var/run/docker.sock:/var/run/docker.sock:ro working_dir: / + labels: + com.centurylinklabs.watchtower: true diff --git a/examples/watchyourlan/docker-compose-v1.yml b/examples/watchyourlan/docker-compose-v1.yml index 2f33f28..4091a0c 100644 --- a/examples/watchyourlan/docker-compose-v1.yml 
+++ b/examples/watchyourlan/docker-compose-v1.yml @@ -1,5 +1,5 @@ -version: "3" services: + wyl: image: aceberg/watchyourlan:1.0.6 container_name: watchyourlan diff --git a/examples/watchyourlan/docker-compose-v2.yml b/examples/watchyourlan/docker-compose-v2.yml index 1ca6813..98360b8 100644 --- a/examples/watchyourlan/docker-compose-v2.yml +++ b/examples/watchyourlan/docker-compose-v2.yml @@ -1,6 +1,5 @@ -version: "3" - services: + wyl: image: aceberg/watchyourlan:v2 container_name: watchyourlan-v2 diff --git a/examples/webhook.site/docker-compose.yml b/examples/webhook.site/docker-compose.yml index e4fbfb2..ed47f7b 100644 --- a/examples/webhook.site/docker-compose.yml +++ b/examples/webhook.site/docker-compose.yml @@ -1,11 +1,12 @@ -version: '3' - services: + webhook: image: webhooksite/webhook.site container_name: webhook restart: unless-stopped command: php artisan queue:work --daemon --tries=3 --timeout=10 + ports: + - 8084:80 expose: - 80 environment: @@ -23,13 +24,13 @@ services: - redis #labels: # - traefik.enable=true - # - traefik.docker.network=dev + # - traefik.docker.network=proxy # - traefik.http.routers.webhook.rule=Host(`hook.example.com`) # - traefik.http.services.webhook.loadbalancer.server.port=80 # # Optional part for traefik middlewares # - traefik.http.routers.webhook.middlewares=local-ipwhitelist@file,authelia@docker #networks: - # - dev + # - proxy redis: image: redis:alpine @@ -38,7 +39,7 @@ services: #volumes: # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/requestbin/redis:/data #networks: - # - dev + # - proxy laravel-echo-server: image: webhooksite/laravel-echo-server @@ -56,8 +57,8 @@ services: - ECHO_ALLOW_METHODS=* - ECHO_ALLOW_HEADERS=* #networks: - # - dev + # - proxy #networks: -# dev: +# proxy: # external: true diff --git a/examples/webtrees/docker-compose.yml b/examples/webtrees/docker-compose.yml index 4ed0179..eb250c2 100644 --- a/examples/webtrees/docker-compose.yml +++ b/examples/webtrees/docker-compose.yml 
@@ -1,5 +1,3 @@ -version: "3" - services: app: @@ -49,8 +47,10 @@ services: MARIADB_ROOT_PASSWORD: "badpassword" MARIADB_PASSWORD: "badpassword" restart: unless-stopped + expose: + - 3306 volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/webtrees/db:/var/lib/mysql + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/webtrees/db:/var/lib/mysql #networks: # - webtrees-default diff --git a/examples/wg-easy/docker-compose.yml b/examples/wg-easy/docker-compose.yml index 6c20535..e05f846 100644 --- a/examples/wg-easy/docker-compose.yml +++ b/examples/wg-easy/docker-compose.yml 
@@ -1,34 +1,36 @@ -version: "3" - services: + wg-easy: + image: ghcr.io/wg-easy/wg-easy:13 + container_name: wg-easy + hostname: wireguard-easy + restart: unless-stopped cap_add: - NET_ADMIN - SYS_MODULE - container_name: wg-easy environment: - WG_HOST=vpn.example.com # your hostname or ip address - PASSWORD=MyStrongPasswordForWebUi # change this - WG_DEFAULT_DNS=1.1.1.1,8.8.8.8 # add your local dns like pihole - WG_ALLOWED_IPS=0.0.0.0/0, ::/0 - WG_DEVICE=eth0 - hostname: wireguard-easy - image: ghcr.io/wg-easy/wg-easy:13 ports: - - 51820:51820/udp #VPN - - 51821:51821/tcp #WEBGUI - restart: unless-stopped + - 51820:51820/udp # wireguard vpn + - 51821:51821/tcp # admin web ui + expose: + - 51820/udp # wireguard vpn + - 51821/tcp # admin web ui volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wg-easy:/etc/wireguard #networks: # - proxy -# labels: -# - traefik.enable=true -# - traefik.http.routers.wireguard.rule=Host(`vpn.example.com`) -# - traefik.http.services.wireguard.loadbalancer.server.port=51821 -# - traefik.docker.network=proxy -# # Part for local lan services only -# - traefik.http.routers.wireguard.middlewares=local-ipwhitelist@file + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.wireguard.rule=Host(`vpn.example.com`) + # - traefik.http.services.wireguard.loadbalancer.server.port=51821 + # # Part for local lan services only + # - traefik.http.routers.wireguard.middlewares=local-ipwhitelist@file #networks: # proxy: diff --git a/examples/whoogle/docker-compose.yml b/examples/whoogle/docker-compose.yml index a1620dd..e5526b2 100644 --- a/examples/whoogle/docker-compose.yml +++ b/examples/whoogle/docker-compose.yml 
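Review bot: The rewritten mapping `51821:51821/tcp # admin web ui` still publishes the wg-easy admin interface on every host interface over plain HTTP, protected only by the `PASSWORD` value set in this file. Only the VPN port has to be reachable from outside, so bind the UI to loopback with `- 127.0.0.1:51821:51821/tcp # admin web ui`, or drop the mapping when the commented Traefik labels are used. The `expose` entries added here do not change that; containers on a shared network reach the port either way.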
@@ -1,12 +1,16 @@ # can't use mem_limit in a 3.x docker-compose file in non swarm mode # see https://github.com/docker/compose/issues/4513 -version: "2.4" services: + whoogle-search: image: benbusby/whoogle-search container_name: whoogle-search restart: unless-stopped + ports: + - 5000:5000 + expose: + - 5000 pids_limit: 50 mem_limit: 256mb memswap_limit: 256mb @@ -43,6 +47,4 @@ services: #- WHOOGLE_ALT_IMDB=farside.link/libremdb #- WHOOGLE_ALT_QUORA=farside.link/quetre #env_file: # Alternatively, load variables from whoogle.env - #- whoogle.env - ports: - - 5000:5000 + #- whoogle.env \ No newline at end of file diff --git a/examples/wikijs/docker-compose.yml b/examples/wikijs/docker-compose.yml index 031ff90..ccab742 100644 --- a/examples/wikijs/docker-compose.yml +++ b/examples/wikijs/docker-compose.yml @@ -1,14 +1,21 @@ -version: "3" - services: + wikijs: + image: linuxserver/wikijs:latest + container_name: wikijs + restart: unless-stopped environment: - PUID=1000 - PGID=1000 - TZ=Europe/Berlin - image: linuxserver/wikijs:latest - container_name: wikijs - restart: unless-stopped + - DB_TYPE=postgres + - DB_HOST=db + - DB_PORT=5432 + - DB_NAME=wikijs + - DB_USER=wikijs + - DB_PASS=MySecureDatabasePassword + expose: + - 3000 ports: - 8888:3000 # WEB UI volumes: 
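Review bot: In the wikijs hunk, the new `DB_PASS=MySecureDatabasePassword` line commits a fixed database password without the `# pls change` marker that other examples in this commit carry. It also has to match `POSTGRES_PASSWORD` in the `db` service of the same file. Reading it from the environment makes an unset value fail loudly instead of deploying the sample secret: `- DB_PASS=${WIKIJS_DB_PASS:?set a database password}` (variable name constructed here), with the same reference on the `db` side. The `wikijs` service definition continues past the end of this hunk.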
@@ -16,14 +23,36 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wikijs/data:/data links: - db + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.wikijs.rule=Host(`wikijs.example.com`) + # - traefik.http.services.wikijs.loadbalancer.server.port=3000 + # # Optional part for file upload max sizes + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 + # # Optional part for traefik middlewares + # - traefik.http.routers.wikijs.middlewares=local-ipwhitelist@file db: + image: postgres:16-alpine + container_name: postgresql environment: - POSTGRES_PASSWORD=MySecureDatabasePassword - POSTGRES_USER=wikijs - POSTGRES_DB=wikijs - container_name: postgresql - image: postgres:13.4-bullseye + expose: + - 5432 restart: unless-stopped volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wikijs/database:/var/lib/postgresql/data + #networks: + # - proxy + +#networks: +# proxy: +# external: true \ No newline at end of file diff --git a/examples/wireguard/docker-compose.yml b/examples/wireguard/docker-compose.yml index 757e891..2c57c67 100644 --- a/examples/wireguard/docker-compose.yml +++ b/examples/wireguard/docker-compose.yml 
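Review bot: Changing `postgres:13.4-bullseye` to `postgres:16-alpine` is a major-version jump on a service whose data lives in the bind mount ending in `wikijs/database:/var/lib/postgresql/data`. PostgreSQL does not start on a data directory initialised by a different major version, so existing users who pull this file need a dump and restore (or pg_upgrade) first. A comment above the image line would cover it, for example `# major upgrade from 13: dump and restore existing data before switching`. Separately, the commented `#networks: - proxy` under `db` would attach the database to the reverse-proxy network if uncommented; listing both `default` and `proxy` on `wikijs` and leaving `db` on `default` only keeps PostgreSQL out of reach of other proxied containers. The same commented block sits under `wordpress-db` in the wordpress hunk.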
@@ -1,28 +1,29 @@ -version: "3.7" +services: -services: wireguard: - image: linuxserver/wireguard - container_name: wireguard + image: linuxserver/wireguard + container_name: wireguard + restart: unless-stopped cap_add: - - NET_ADMIN - - SYS_MODULE + - NET_ADMIN + - SYS_MODULE environment: - - PUID=1000 - - PGID=1000 + - PUID=1000 + - PGID=1000 - TZ=Europe/Berlin - - SERVERURL=vpn.example.com #optional - - SERVERPORT=51820 #optional - - PEERS=1 #optional - - PEERDNS=auto #optional - - INTERNAL_SUBNET=10.13.13.0 #optional - - ALLOWEDIPS=0.0.0.0/0 #optional - volumes: - - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wireguard/config:/config - - /usr/src:/usr/src # location of kernel headers - - /lib/modules:/lib/modules - ports: - - 51820:51820/udp - sysctls: - - net.ipv4.conf.all.src_valid_mark=1 - restart: unless-stopped \ No newline at end of file + - SERVERURL=vpn.example.com #optional + - SERVERPORT=51820 #optional + - PEERS=1 #optional + - PEERDNS=auto #optional + - INTERNAL_SUBNET=10.13.13.0 #optional + - ALLOWEDIPS=0.0.0.0/0 #optional + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wireguard/config:/config + - /usr/src:/usr/src # location of kernel headers + - /lib/modules:/lib/modules + ports: + - 51820:51820/udp # wireguard vpn + expose: + - 51820 + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 diff --git a/examples/wordpress/docker-compose.yml b/examples/wordpress/docker-compose.yml index 0b29999..d64355a 100644 --- a/examples/wordpress/docker-compose.yml +++ b/examples/wordpress/docker-compose.yml 
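Review bot: The added `expose:` entry `- 51820` declares TCP, while the only published port is `51820:51820/udp`, so the two lists disagree about the protocol. Either write `- 51820/udp`, as the wg-easy hunk does, or drop `expose:` since `ports:` already covers it. The image line `linuxserver/wireguard` is also re-indented without gaining a tag, which leaves a container holding `NET_ADMIN` and `SYS_MODULE` on whatever the default tag resolves to at pull time; pinning a release tag would make updates deliberate.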
@@ -1,22 +1,23 @@ -version: '3.3' - services: + wordpress-db: image: mariadb:10.11 container_name: wordpress-db hostname: wordpress-db + restart: unless-stopped command: '--default-authentication-plugin=mysql_native_password' + expose: + - 3306 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wordpress/mysql:/var/lib/mysql - restart: unless-stopped environment: - MYSQL_ROOT_PASSWORD=wordpressroot - MYSQL_DATABASE=wordpress - MYSQL_USER=wordpress - MYSQL_PASSWORD=wordpress #networks: - # - proxy - + # - proxy + wordpress: image: wordpress:latest container_name: wordpress @@ -34,7 +35,7 @@ services: - WORDPRESS_DB_PASSWORD=wordpress - WORDPRESS_DB_NAME=wordpress #networks: - # - proxy + # - proxy #labels: # - traefik.enable=true # - traefik.docker.network=proxy diff --git a/examples/yourls/docker-compose.yml b/examples/yourls/docker-compose.yml index 8da752f..e964cee 100644 --- a/examples/yourls/docker-compose.yml +++ b/examples/yourls/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3.1' - services: yourls: @@ -34,6 +32,8 @@ services: image: mysql:latest container_name: yourls-db restart: unless-stopped + expose: + - 3306 environment: MYSQL_DATABASE: yourls MYSQL_USER: yourls
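Review bot: In the last yourls hunk, `expose: - 3306` is added to a database service that still runs `image: mysql:latest`, so a routine pull can change the MySQL major version under whatever data the service already holds, with no review step. Pinning the tag to the series in use, written as `image: mysql:<major.minor>` with the placeholder filled in, keeps upgrades deliberate. `wordpress:latest` in the wordpress hunk and `linuxserver/wikijs:latest` in the wikijs hunk have the same issue. The `yourls-db` service block continues outside the hunk.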