kopia lustrzana https://github.com/Haxxnet/Compose-Examples
Porównaj commity
12 Commity
a73d332ef9
...
37808b379a
Autor | SHA1 | Data |
---|---|---|
LRVT | 37808b379a | |
LRVT | 33c054c789 | |
LRVT | ad7bb0ea68 | |
LRVT | 3bdd982df5 | |
LRVT | 5a7e3faf2f | |
LRVT | 8f6f24e5e7 | |
LRVT | 28f1b77fb9 | |
LRVT | 1057d043cb | |
LRVT | 030c63f14e | |
LRVT | c91900bc21 | |
LRVT | 93111827ad | |
LRVT | 6e6b5c89d0 |
|
@ -7,7 +7,7 @@
|
|||
- https://docs.linuxserver.io/images/docker-readarr/
|
||||
- https://github.com/FlareSolverr/FlareSolverr
|
||||
- https://docs.linuxserver.io/images/docker-qbittorrent/
|
||||
- https://github.com/MarkusMcNugen/docker-qBittorrentvpn
|
||||
- https://hub.docker.com/r/qmcgaw/gluetun
|
||||
- https://docs.linuxserver.io/images/docker-emby/
|
||||
- https://docs.linuxserver.io/images/docker-jellyfin (alternative option to emby)
|
||||
|
||||
|
@ -18,6 +18,9 @@
|
|||
>
|
||||
> Use this docker stack responsibly!
|
||||
|
||||
> [!CAUTION]
|
||||
> This setup makes use of gluetun to obtain a vpn killswitch network. This requires a vpn provider like mullvad or others.
|
||||
|
||||
Docker stack consisting of various arr-services like:
|
||||
|
||||
- Prowlarr
|
||||
|
@ -34,11 +37,11 @@ Docker stack consisting of various arr-services like:
|
|||
- Used to bypass Cloudflare for prowlarr
|
||||
- You must add it at prowlarr as indexer with the tag `flaresolverr`
|
||||
- Qbittorrent
|
||||
- Used as download client, preferably behind VPN (e.g. socks5)
|
||||
- Used as download client; run behind gluetun vpn killswitch container
|
||||
- A temporary password for the `admin` user will be printed to the container log on startup. Change it immediately to a static one that does not change again.
|
||||
- [optional] Qbittorrent with OpenVPN killswitch
|
||||
- Spawns an OpenVPN connection with iptables killswitch to hide your IP to safely download ISOs.
|
||||
- Default user will be `admin` with the password `adminadmin`. Change it immediately to a static one that does not change again.
|
||||
- Gluetun
|
||||
- Used for establishing an openvpn/wireguard killswitch vpn connection for qbittorrent
|
||||
- Requires an active subscription for a vpn provider (e.g. Mullvad)
|
||||
- Emby / Jellyfin
|
||||
- Used to manage your media libraries and stream it from various devices
|
||||
|
||||
|
@ -48,8 +51,6 @@ The following bind mount volumes are defined:
|
|||
- holds the config files of an arr container
|
||||
- `/arr-suite/media/`
|
||||
- will hold your media files such as movies, music, books, tv-shows, qbittorrent downloads etc.
|
||||
|
||||
Note: You can replace the normal qbittorrent container with the commented one supporting OpenVPN kill switch. If so, you have to put your OpenVPN config, certificate and creds into the `/arr-suite/configs/qbittorrentvpn/openvpn/` directory. More information can be found [here](https://github.com/MarkusMcNugen/docker-qBittorrentvpn?tab=readme-ov-file#how-to-use-openvpn). Afterwards add the new qbittorrent as downloading client to your arr containers by using your Docker server's host IP address.
|
||||
|
||||
## Setup
|
||||
|
||||
|
@ -57,7 +58,7 @@ You can follow this Youtube tutorial on how to setup most of the arr application
|
|||
|
||||
https://www.youtube.com/watch?v=LD8-Qr3B2-o
|
||||
|
||||
**Note**: As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. Use Docker networks!
|
||||
**Note**: As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. Use Docker networks! The only exception is qbittorrent, which uses the vpn killswitch network of the gluetun container. Here, the gluetun container will expose qbittorrent's web ui on TCP/8080 and the IP address of your docker host server. Setup qbittorrent in all arr-applications using your server's local IP address, on which port 8080 is mapped to.
|
||||
|
||||
> [!WARNING]
|
||||
> We configured qbittorrent to use the non-default path `/media/downloads` for downloads.
|
||||
|
|
|
@ -4,7 +4,7 @@ services:
|
|||
|
||||
# image used to index torrent links from the internet
|
||||
prowlarr:
|
||||
image: lscr.io/linuxserver/prowlarr:latest
|
||||
image: linuxserver/prowlarr:latest
|
||||
container_name: arr-suite-prowlarr
|
||||
environment:
|
||||
- PUID=1000
|
||||
|
@ -29,7 +29,7 @@ services:
|
|||
|
||||
# image used to scan for tv shows
|
||||
sonarr:
|
||||
image: lscr.io/linuxserver/sonarr:latest
|
||||
image: linuxserver/sonarr:latest
|
||||
container_name: arr-suite-sonarr
|
||||
environment:
|
||||
- PUID=1000
|
||||
|
@ -55,7 +55,7 @@ services:
|
|||
|
||||
# image used to scan for movies
|
||||
radarr:
|
||||
image: lscr.io/linuxserver/radarr:latest
|
||||
image: linuxserver/radarr:latest
|
||||
container_name: arr-suite-radarr
|
||||
environment:
|
||||
- PUID=1000
|
||||
|
@ -81,7 +81,7 @@ services:
|
|||
|
||||
# image used to scan for music
|
||||
lidarr:
|
||||
image: lscr.io/linuxserver/lidarr:latest
|
||||
image: linuxserver/lidarr:latest
|
||||
container_name: arr-suite-lidarr
|
||||
environment:
|
||||
- PUID=1000
|
||||
|
@ -107,7 +107,7 @@ services:
|
|||
|
||||
# image used to scan for books
|
||||
readarr:
|
||||
image: lscr.io/linuxserver/readarr:develop
|
||||
image: linuxserver/readarr:develop
|
||||
container_name: arr-suite-readarr
|
||||
environment:
|
||||
- PUID=1000
|
||||
|
@ -146,27 +146,23 @@ services:
|
|||
#networks:
|
||||
# - proxy
|
||||
|
||||
# image used to download stuff
|
||||
qbittorrent:
|
||||
image: lscr.io/linuxserver/qbittorrent:latest
|
||||
container_name: arr-suite-qbittorrent
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
- TZ=Europe/Berlin
|
||||
- WEBUI_PORT=8080
|
||||
- TORRENTING_PORT=6881
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrent:/config # contains all relevant configuration files
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads # location of downloads on disk
|
||||
expose:
|
||||
- 8080/tcp # web ui
|
||||
- 6881/tcp # tcp connection port
|
||||
- 6881/udp # udp connection port
|
||||
# image used for vpn killswitch network
|
||||
gluetun:
|
||||
image: qmcgaw/gluetun:latest
|
||||
container_name: arr-suite-gluetun
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
ports:
|
||||
- 8080:8080/tcp # web ui
|
||||
- 6881:6881/tcp # tcp connection port
|
||||
- 6881:6881/udp # udp connection port
|
||||
- 8080:8080 # qbittorrent http web ui
|
||||
environment:
|
||||
# see https://github.com/qdm12/gluetun-wiki for more details
|
||||
# example envs based on https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md
|
||||
- VPN_SERVICE_PROVIDER=mullvad # define the vpn provider
|
||||
- VPN_TYPE=wireguard # define the vpn protocol to use
|
||||
- WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU= # define your wireguard private key here
|
||||
- WIREGUARD_ADDRESSES=10.64.222.21/32 # define the ipv4 vpn network subnet here
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/gluetun:/gluetun
|
||||
restart: unless-stopped
|
||||
#networks:
|
||||
# - proxy
|
||||
|
@ -178,46 +174,26 @@ services:
|
|||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.qbittorrent.middlewares=local-ipwhitelist@file
|
||||
|
||||
# image used to download stuff over openvpn (e.g. mullvad)
|
||||
#qbittorrentvpn:
|
||||
# image: markusmcnugen/qbittorrentvpn
|
||||
# container_name: arr-suite-qbittorrentvpn
|
||||
# privileged: true
|
||||
# sysctls:
|
||||
# - net.ipv6.conf.all.disable_ipv6=0
|
||||
# volumes:
|
||||
# - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrentvpn:/config # contains all relevant configuration files; put your vpn config into the openvpn dir
|
||||
# - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads # location of downloads on disk
|
||||
# - /etc/localtime:/etc/localtime:ro
|
||||
# environment:
|
||||
# - VPN_ENABLED=yes
|
||||
# - LAN_NETWORK=192.168.1.0/24
|
||||
# - NAME_SERVERS=8.8.8.8,8.8.4.4
|
||||
# - WEBUI_PORT_ENV=8080
|
||||
# - UMASK=002
|
||||
# - PUID=1000
|
||||
# - PGID=1000
|
||||
# - INCOMING_PORT_ENV=8999
|
||||
# expose:
|
||||
# - 8080/tcp
|
||||
# - 8999/tcp
|
||||
# - 8999/udp
|
||||
# ports:
|
||||
# - 8080:8080/tcp # map web ui for prowlarr and co.
|
||||
# restart: unless-stopped
|
||||
# networks:
|
||||
# - proxy
|
||||
# labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.qbittorrentvpn.rule=Host(`qbittorrentvpn.example.com`)
|
||||
# - traefik.http.services.qbittorrentvpn.loadbalancer.server.port=8080
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.qbittorrentvpn.middlewares=local-ipwhitelist@file
|
||||
# image used to download stuff; run over gluetun network (vpn killswitch)
|
||||
qbittorrent:
|
||||
image: linuxserver/qbittorrent:latest
|
||||
container_name: arr-suite-qbittorrent
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
- TZ=Europe/Berlin
|
||||
- WEBUI_PORT=8080
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrent:/config
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads
|
||||
depends_on:
|
||||
- gluetun
|
||||
network_mode: container:arr-suite-gluetun # use the gluetun container network (vpn killswitch)
|
||||
restart: unless-stopped
|
||||
|
||||
# image used to manage media and stream it
|
||||
emby:
|
||||
image: lscr.io/linuxserver/emby:latest
|
||||
image: linuxserver/emby:latest
|
||||
container_name: arr-suite-emby
|
||||
environment:
|
||||
- PUID=1000
|
||||
|
@ -251,7 +227,7 @@ services:
|
|||
|
||||
# image used to manage media and stream it
|
||||
#jellyfin:
|
||||
# image: lscr.io/linuxserver/jellyfin:latest
|
||||
# image: linuxserver/jellyfin:latest
|
||||
# container_name: arr-suite-jellyfin
|
||||
# environment:
|
||||
# - PUID=1000
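Review bot: The `gluetun` service in the `-146,27 +146,23` hunk puts a key-shaped value inline at `WIREGUARD_PRIVATE_KEY=…`, next to a concrete `WIREGUARD_ADDRESSES`. Even if this is the provider documentation's sample, an example compose file should not model committing tunnel keys. I would use `- WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY:?set in .env}` and the same form for the address, matching the `${DOCKER_VOLUME_STORAGE:-…}` substitution the file already uses. The `8080:8080` mapping under `ports:` also publishes the qBittorrent web UI on every host interface, while the README in this change says it starts with a temporary `admin` password; binding to a single address, `- "<host-lan-ip>:8080:8080"` (placeholder), limits that exposure. The +/- markers are lost in this rendering, so which of the `ports:` entries are on the new side is inferred.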
|
||||
|
|
|
@ -4,16 +4,17 @@
|
|||
###############################################################
|
||||
|
||||
server:
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
address: 'tcp://:9091/'
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
||||
theme: dark
|
||||
|
||||
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
|
||||
jwt_secret: a_very_important_secret
|
||||
default_redirection_url: https://auth.example.com # replace with your domain name
|
||||
identity_validation:
|
||||
reset_password:
|
||||
jwt_secret: unsecure_jwt_secret
|
||||
|
||||
totp:
|
||||
issuer: authelia.com
|
||||
|
||||
|
@ -59,10 +60,13 @@ session:
|
|||
name: authelia_session
|
||||
# This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
|
||||
secret: unsecure_session_secret
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 300 # 5 minutes
|
||||
domain: example.com # Should match whatever your root protected domain is
|
||||
|
||||
expiration: 1h # 1 hour
|
||||
inactivity: 5m # 5 minutes
|
||||
cookies:
|
||||
- domain: lrvt.de
|
||||
authelia_url: 'https://example.com'
|
||||
default_redirection_url: 'https://www.example.com' # must be diffent to authelia_url
|
||||
|
||||
redis:
|
||||
host: authelia-redis
|
||||
port: 6379
|
||||
|
@ -92,9 +96,9 @@ notifier:
|
|||
# username: test
|
||||
# # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
|
||||
# password: password
|
||||
# host: mail.example.com
|
||||
# port: 25
|
||||
# sender: admin@example.com
|
||||
# host: smtp.gmail.com
|
||||
# port: 465
|
||||
# sender: "MySender <admin@example.com>"
|
||||
filesystem:
|
||||
filename: /config/notifications.txt
|
||||
...
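Review bot: The `session.cookies` entry in the `-59,10 +60,13` hunk pairs `domain: lrvt.de` with `authelia_url: 'https://example.com'`, so the portal URL is not under the cookie domain. As far as I know Authelia rejects that at startup, and it leaves what looks like a personal domain in an example file. I would write `- domain: example.com` with `authelia_url: 'https://auth.example.com'`, and fix the trailing comment to `# must be different from authelia_url`. In the `-4,16 +4,17` hunk the comment above `identity_validation.reset_password.jwt_secret` still names `AUTHELIA_JWT_SECRET_FILE`, which belongs to the old top-level key; it should name the matching variable for the new key, which I believe is `AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE`. The placeholders `unsecure_jwt_secret` and `unsecure_session_secret` deserve a comment saying they must be replaced with long random values, or supplied through the `_FILE` variables, before deployment.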
|
||||
|
|
|
@ -12,6 +12,8 @@ services:
|
|||
restart: unless-stopped
|
||||
ports:
|
||||
- 8080:80
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.http.routers.nginx.rule=Host(`nginx.example.com`)
|
||||
|
@ -31,3 +33,9 @@ services:
|
|||
working_dir: /var/www
|
||||
expose:
|
||||
- 9000
|
||||
#networks:
|
||||
# - proxy
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
||||
|
|
|
@ -43,12 +43,14 @@ http:
|
|||
middlewares:
|
||||
# Only Allow Local networks
|
||||
local-ipwhitelist:
|
||||
ipWhiteList:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32 # localhost
|
||||
- 10.0.0.0/8 # private class A
|
||||
- 172.16.0.0/12 # private class B
|
||||
- 192.168.0.0/16 # private class C
|
||||
#ipstrategy: # enable this when cloudflare proxy in use
|
||||
# depth: 1 # enable this when cloudflare proxy in use
|
||||
|
||||
# Security headers
|
||||
security-headers:
|
||||
|
@ -79,15 +81,15 @@ http:
|
|||
#contentSecurityPolicy: "default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content" # Content-Security-Policy (CSP)
|
||||
|
||||
# Authelia guard
|
||||
authelia:
|
||||
forwardauth:
|
||||
address: http://authelia:9091/api/verify?rd=https://auth.example.com/ # replace example.com with your domain name
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- Remote-User
|
||||
- Remote-Groups
|
||||
- Remote-Name
|
||||
- Remote-Email
|
||||
#authelia:
|
||||
# forwardauth:
|
||||
# address: http://authelia:9091/api/authz/forward-auth # replace example.com with your domain name
|
||||
# trustForwardHeader: true
|
||||
# authResponseHeaders:
|
||||
# - Remote-User
|
||||
# - Remote-Groups
|
||||
# - Remote-Name
|
||||
# - Remote-Email
|
||||
|
||||
# rate limiting
|
||||
rate-limit:
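Review bot: The `authelia` forwardAuth middleware in the `-79,15 +81,15` hunk appears to end up fully commented out on the new side. The +/- markers are lost here, so this is inferred from the commented block carrying the newer `/api/authz/forward-auth` address. Any router that still references this middleware would then point at an undefined one, so either keep the definition active or add a line such as `# uncomment before referencing authelia@file in router labels`. The trailing `# replace example.com with your domain name` no longer matches an address without a domain and should be dropped. `trustForwardHeader: true`, and the commented `depth: 1` IP strategy in the `-43,12 +43,14` hunk, both rely on `X-Forwarded-*` values, so each needs a comment that it is only safe when the entrypoint accepts forwarded headers from the trusted proxy alone.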
|
||||
|
|