Все контейнеры в docker-compose.yml
Подготовительный этап
Создадим структуру директорий:
Зададим переменные с нашими директориями:
/srv/docker/.env
# Host directories that docker-compose.yml references as $DIR_*.
# This file sits next to /srv/docker/docker-compose.yml, so Compose reads it
# for variable substitution.
# NOTE(review): the ytdl_material service also references $DIR_MEDIA, which is
# not defined here; an unset variable is substituted as an empty string.
DIR_CONF=/srv/docker/conf
DIR_BUILD=/srv/docker/build
DIR_DATA=/srv/data
DIR_WWW=/srv/www
DIR_LOGS=/srv/logs
Docker-compose.yml
/srv/docker/docker-compose.yml
# Compose file format version
version: '3.3'
# Service definitions
services:
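# traefik: reverse proxy for the routers that the other services declare
# through their container labels. It also defines the shared WhitelistHome
# and sslheader middlewares.
traefik:
  # NOTE(review): `latest` is a moving tag, and the watchtower label below lets
  # the image be replaced automatically; a pinned tag keeps upgrades deliberate.
  # Traefik v3 renamed the ipWhiteList middleware used below to ipAllowList;
  # confirm the option name against the version actually deployed.
  image: traefik:latest
  container_name: traefik
  restart: always
  security_opt:
    - no-new-privileges:true
  ports:
    - "192.168.0.111:80:80"
    - "192.168.0.111:443:443/tcp"
    - "192.168.0.111:443:443/udp"
  environment:
    # The DNS provider token is taken from the environment (for example from
    # /srv/docker/.env) rather than stored in this file. Compose stops with the
    # message below when the variable is unset or empty. A token that has been
    # published in a compose file should be treated as exposed and rotated.
    - "SELECTEL_API_TOKEN=${SELECTEL_API_TOKEN:?set SELECTEL_API_TOKEN in .env}"
  volumes:
    - /etc/localtime:/etc/localtime:ro
    # NOTE(review): `:ro` only protects the socket file itself. A process that
    # can open the socket can still send any request to the Docker API, so
    # this mount is equivalent to root on the host. A filtering socket proxy
    # limits Traefik to the read-only endpoints it needs.
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - $DIR_CONF/traefik/traefik.yml:/traefik.yml:ro
    # acme.json is written by Traefik and holds the ACME account key and the
    # issued certificates; keep it readable by its owner only (mode 600).
    - $DIR_CONF/traefik/acme.json:/acme.json
    - $DIR_CONF/traefik/config.yml:/config.yml:ro
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.traefik.entrypoints=http"
    - "traefik.http.routers.traefik.rule=Host(`traefik.example.ru`)"
    # The hash below is a sample produced from the password shown in the
    # trailing command; generate your own before deploying.
    - "traefik.http.middlewares.traefik-auth.basicauth.users=traefik:$$apr1$$2Zn1nUu4$$pkolhgkp1KRDht2do7N/1." # echo $(htpasswd -nb traefik passw0rd) | sed -e s/\\$/\\$\\$/g
    - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
    - "traefik.http.routers.traefik-secure.entrypoints=https"
    - "traefik.http.routers.traefik-secure.rule=Host(`traefik.example.ru`)"
    # The dashboard router is protected by basic auth only; WhitelistHome is
    # defined below but not attached to this router.
    - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
    - "traefik.http.routers.traefik-secure.tls=true"
    - "traefik.http.routers.traefik-secure.tls.certresolver=selectel"
    - "traefik.http.routers.traefik-secure.tls.domains[0].main=example.ru"
    - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.example.ru"
    # Source ranges accepted by every router that lists WhitelistHome.
    - "traefik.http.middlewares.WhitelistHome.ipwhitelist.sourcerange=172.18.0.0/24, 192.168.0.0/16, 172.20.0.0/24"
    - "traefik.http.routers.traefik-secure.service=api@internal"
    - "com.centurylinklabs.watchtower.enable=true"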
# filebeat: mounts the same $DIR_LOGS/nginx directory that the nginx service
# writes its logs to. What it does with them is set in filebeat.yml, which is
# not shown here.
filebeat:
  image: registry.example.ru/filebeat:8.4.3
  container_name: filebeat
  # NOTE(review): -strict.perms=false turns off Filebeat's ownership and
  # permission check on its configuration file.
  entrypoint: "filebeat -e -strict.perms=false"
  volumes:
    # NOTE(review): both mounts are read-write; if Filebeat only reads them,
    # `:ro` narrows what the container can change. Confirm before changing.
    - "$DIR_CONF/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml"
    - "$DIR_LOGS/nginx:/var/log/nginx"
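# nginx: serves $DIR_WWW for example.ru, www.example.ru and site.example.ru,
# published through Traefik's "nginx" router.
nginx:
  image: nginx:latest
  container_name: nginx
  restart: always
  # No host port is published here. The traefik service already binds
  # 192.168.0.111:80, so a second mapping of the same address and port cannot
  # be allocated. Traefik reaches this container on port 80 through the
  # loadbalancer label below.
  volumes:
    - $DIR_WWW:/www
    - $DIR_CONF/nginx/nginx.conf:/etc/nginx/nginx.conf
    - $DIR_CONF/nginx/sites-enabled:/etc/nginx/sites-enabled
    - $DIR_LOGS/nginx:/var/log/nginx
    - /etc/localtime:/etc/localtime:ro
  depends_on:
    - php56
    - php7
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.nginx.rule=Host(`example.ru`, `www.example.ru`, `site.example.ru`)"
    - "traefik.http.routers.nginx.entrypoints=https"
    # default-headers@file comes from Traefik's file provider configuration,
    # which is not shown on this page.
    - "traefik.http.routers.nginx.middlewares=default-headers@file"
    - "traefik.http.routers.nginx.tls=true"
    - "traefik.http.services.nginx.loadbalancer.server.port=80"
    - "com.centurylinklabs.watchtower.enable=true"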
# vault: a Vault server started from /vault/config/vault.json and published
# through Traefik for the WhitelistHome source ranges only.
vault:
  # NOTE(review): the tag is not pinned, and the watchtower label below allows
  # automatic replacement; for a secrets store a pinned version is the safer
  # default. Also confirm that this image name is still the maintained one.
  image: vault
  container_name: vault
  restart: always
  command: vault server -config=/vault/config/vault.json
  environment:
    # All three addresses use plain HTTP; TLS is only applied at the Traefik
    # router below. Traffic between Traefik and this container is unencrypted.
    - VAULT_ADDR=http://0.0.0.0:8200
    - VAULT_API_ADDR=http://0.0.0.0:8200
    - VAULT_ADDRESS=http://0.0.0.0:8200
  volumes:
    - "$DIR_CONF/vault:/vault"
    # This path already lies inside the mount above.
    - "$DIR_CONF/vault/file:/vault/file"
  cap_add:
    # Presumably so Vault can lock its memory and keep secrets out of swap;
    # confirm against vault.json.
    - IPC_LOCK
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.vault.rule=Host(`vault.example.ru`)"
    - "traefik.http.routers.vault.entrypoints=https"
    - "traefik.http.routers.vault.tls=true"
    - "traefik.http.routers.vault.middlewares=WhitelistHome"
    - "traefik.http.services.vault.loadbalancer.server.port=8200"
    - "com.centurylinklabs.watchtower.enable=true"
# photoprism: photo library backed by the mysql service and published through
# Traefik behind WhitelistHome and Authelia.
photoprism:
  image: photoprism/photoprism:latest
  container_name: photoprism
  restart: unless-stopped
  depends_on:
    - mysql
  security_opt:
    # NOTE(review): both options switch off the default confinement profile
    # (seccomp syscall filter, AppArmor) for this container. Keep them only if
    # the application fails without them.
    - seccomp:unconfined
    - apparmor:unconfined
  environment:
    PHOTOPRISM_ADMIN_PASSWORD: "" # INITIAL PASSWORD FOR "admin" USER, MINIMUM 8 CHARACTERS
    # NOTE(review): "public" disables PhotoPrism's own login, so the Traefik
    # middlewares on the router below are the only access control. Containers
    # on the same Docker network reach port 2342 without passing through them.
    PHOTOPRISM_AUTH_MODE: "public" # authentication mode (public, password)
    PHOTOPRISM_SITE_URL: "https://photoprism.example.ru/" # public server URL incl http:// or https:// and /path, :port is optional
    PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
    PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
    PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
    PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
    PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
    PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
    PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
    PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
    PHOTOPRISM_DISABLE_TENSORFLOW: "true" # disables all features depending on TensorFlow
    PHOTOPRISM_DISABLE_FACES: "true" # disables face detection and recognition (requires TensorFlow)
    PHOTOPRISM_DISABLE_CLASSIFICATION: "true" # disables image classification (requires TensorFlow)
    PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW files
    PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW files (reduces performance)
    PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
    PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
    PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
    PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
    PHOTOPRISM_DATABASE_SERVER: "mysql:3306" # MariaDB or MySQL database server (hostname:port)
    PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
    PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
    # Placeholder value; use a unique password and keep it out of this file.
    PHOTOPRISM_DATABASE_PASSWORD: "password" # MariaDB or MySQL database user password
    PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
    PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
    PHOTOPRISM_SITE_AUTHOR: "Name" # meta site author
    PHOTOPRISM_DEFAULT_LOCALE: "ru"
  working_dir: "/photoprism" # do not change or remove
  volumes:
    - "$DIR_DATA/foto:/photoprism/originals" # Original media files (DO NOT REMOVE)
    - "$DIR_CONF/photoprism/storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.photoprism.rule=Host(`photoprism.example.ru`)"
    - "traefik.http.routers.photoprism.entrypoints=https"
    - "traefik.http.routers.photoprism.tls=true"
    - "traefik.http.routers.photoprism.middlewares=WhitelistHome,authelia@docker"
    - "traefik.http.services.photoprism.loadbalancer.server.port=2342"
    - "com.centurylinklabs.watchtower.enable=true"
# pihole: DNS on 192.168.0.111:53 (UDP and TCP); the web UI is published
# through Traefik with an HTTP-to-HTTPS redirect and WhitelistHome.
pihole:
  image: pihole/pihole:latest
  container_name: pihole
  restart: always
  ports:
    # Bound to the LAN address only, so the resolver is not offered on other
    # host interfaces.
    - "192.168.0.111:53:53/udp"
    - "192.168.0.111:53:53/tcp"
  environment:
    - TZ=Europe/Moscow
    # Placeholder value; set a real admin password and keep it out of this file.
    - WEBPASSWORD=password
    - VIRTUAL_HOST=pihole.example.ru
  volumes:
    - "$DIR_CONF/pihole/conf:/etc/pihole"
    - "$DIR_CONF/pihole/dnsmasq.d:/etc/dnsmasq.d"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.pihole.entrypoints=http"
    - "traefik.http.routers.pihole.rule=Host(`pihole.example.ru`)"
    - "traefik.http.middlewares.pihole-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    - "traefik.http.routers.pihole-secure.middlewares=WhitelistHome"
    - "traefik.http.routers.pihole.middlewares=pihole-https-redirect"
    - "traefik.http.routers.pihole-secure.entrypoints=https"
    - "traefik.http.routers.pihole-secure.rule=Host(`pihole.example.ru`)"
    - "traefik.http.routers.pihole-secure.tls=true"
    - "traefik.http.routers.pihole-secure.service=pihole"
    - "traefik.http.services.pihole.loadbalancer.server.port=80"
    - "com.centurylinklabs.watchtower.enable=true"
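# nextcloud: uses the mysql and redis services and is published through
# Traefik at nextcloud.example.ru.
nextcloud:
  image: nextcloud:latest
  container_name: nextcloud
  restart: always
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - $DIR_WWW/nextcloud.example.ru:/var/www/html
    - $DIR_DATA/nextcloud:/data
  depends_on:
    - mysql
    - redis
  environment:
    REDIS_HOST: redis
    MYSQL_HOST: mysql:3306
    MYSQL_DATABASE: nextcloud
    MYSQL_USER: nextcloud
    # Placeholder value; use a unique password and keep it out of this file.
    MYSQL_PASSWORD: password
    TRUSTED_PROXIES: traefik
    NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.example.ru
    NEXTCLOUD_DATA_DIR: /data
    SMTP_HOST: smtp.mail.ru
    SMTP_SECURE: tls
    SMTP_PORT: 587
    SMTP_NAME: noreply@example.ru
    # Placeholder value, as above.
    SMTP_PASSWORD: password
    MAIL_FROM_ADDRESS: noreply@example.ru
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.nextcloud.tls=true"
    - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.ru`)"
    # The original list set this label twice with different values. A label key
    # holds a single value, so only one of them could take effect. The second
    # value is kept here.
    # NOTE(review): the "nextcloud" headers middleware defined below is
    # therefore not attached to the router. Add it to this list if its
    # frame-ancestors policy is meant to apply, after checking it against
    # default-headers@file.
    - "traefik.http.routers.nextcloud.middlewares=default-headers@file,nextcloud_redirect"
    - "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://nextcloud.example.ru"
    - "traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' nextcloud.example.ru *.example.ru"
    - "traefik.http.middlewares.nextcloud_redirect.redirectregex.permanent=true"
    - "traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
    - "traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=https://$${1}/remote.php/dav/"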
# vaultwarden: password manager server with its data in $DIR_CONF/vaultwarden.
vaultwarden:
  image: vaultwarden/server:latest
  container_name: vaultwarden
  restart: always
  environment:
    - WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
    # Self-registration is switched off.
    - SIGNUPS_ALLOWED=false
  volumes:
    - "$DIR_CONF/vaultwarden:/data"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.vaultwarden.tls=true"
    # NOTE(review): unlike most routers in this file, this one names neither
    # an entrypoint nor a middleware, so no WhitelistHome or Authelia check is
    # applied in front of the vault. Confirm that this is intended.
    - "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.example.ru`)"
# uptimekuma: published through Traefik with an HTTP-to-HTTPS redirect;
# the HTTPS router is limited to the WhitelistHome source ranges.
uptimekuma:
  image: louislam/uptime-kuma:latest
  container_name: uptimekuma
  restart: unless-stopped
  volumes:
    - "$DIR_CONF/uptimekuma:/app/data"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.uptimekuma.entrypoints=http"
    - "traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.example.ru`)"
    - "traefik.http.middlewares.uptimekuma-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    - "traefik.http.routers.uptimekuma-secure.middlewares=WhitelistHome"
    - "traefik.http.routers.uptimekuma.middlewares=uptimekuma-https-redirect"
    - "traefik.http.routers.uptimekuma-secure.entrypoints=https"
    - "traefik.http.routers.uptimekuma-secure.rule=Host(`uptimekuma.example.ru`)"
    - "traefik.http.routers.uptimekuma-secure.tls=true"
    - "traefik.http.routers.uptimekuma-secure.service=uptimekuma"
    - "traefik.http.services.uptimekuma.loadbalancer.server.port=3001"
    - "com.centurylinklabs.watchtower.enable=true"
# authelia: authentication portal. Its labels define the forward-auth
# middlewares "authelia" and "authelia-basic" that other routers reference
# as authelia@docker.
authelia:
  # NOTE(review): the tag is not pinned; for the component that gates other
  # services, a fixed version keeps behaviour changes deliberate.
  image: authelia/authelia
  container_name: authelia
  restart: always
  volumes:
    - "$DIR_CONF/authelia:/config"
  environment:
    - TZ=Europe/Moscow
  labels:
    - 'traefik.enable=true'
    - 'traefik.http.routers.authelia.rule=Host(`authelia.example.ru`)'
    - 'traefik.http.routers.authelia.entrypoints=https'
    - 'traefik.http.routers.authelia.tls=true'
    - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.example.ru/'
    # NOTE(review): trustForwardHeader=true makes Traefik pass along the
    # X-Forwarded-* headers it received instead of replacing them. That is
    # appropriate when every request arrives through a trusted upstream proxy;
    # confirm it for this deployment.
    - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
    - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
    - 'traefik.http.middlewares.authelia-basic.forwardauth.address=http://authelia:9091/api/verify?auth=basic'
    - 'traefik.http.middlewares.authelia-basic.forwardauth.trustForwardHeader=true'
    - 'traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
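# prometheus: metrics server with its configuration in $DIR_CONF/prometheus
# and its TSDB in $DIR_DATA/prometheus.
prometheus:
  image: prom/prometheus
  restart: always
  container_name: prometheus
  command:
    - '--config.file=/etc/prometheus/prometheus.yml'
    - '--storage.tsdb.path=/prometheus'
    - '--web.console.libraries=/usr/share/prometheus/console_libraries'
    - '--web.console.templates=/usr/share/prometheus/consoles'
  ports:
    # Bound to the LAN address used elsewhere in this file. A bare "9090:9090"
    # publishes the port on every host interface, and no authentication is
    # configured on the command line above.
    - "192.168.0.111:9090:9090"
  depends_on:
    - cadvisor
  volumes:
    - $DIR_CONF/prometheus:/etc/prometheus
    - $DIR_DATA/prometheus:/prometheus
  labels:
    - "com.centurylinklabs.watchtower.enable=true"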
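# alertmanager: configured from $DIR_CONF/alertmanager/alertmanager.yml.
alertmanager:
  image: prom/alertmanager
  restart: always
  container_name: alertmanager
  command:
    - '--config.file=/etc/alertmanager/alertmanager.yml'
    - '--storage.path=/alertmanager'
  ports:
    # Bound to the LAN address used elsewhere in this file rather than to
    # every host interface.
    - "192.168.0.111:9093:9093"
  volumes:
    - $DIR_CONF/alertmanager:/etc/alertmanager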
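# node: Prometheus node-exporter reading host metrics from read-only mounts of
# the host's /proc, /sys and root filesystem.
node:
  image: prom/node-exporter
  restart: always
  container_name: node
  ports:
    # Bound to the LAN address used elsewhere in this file. The exporter
    # describes the host in detail, so it should not be published on every
    # interface.
    - "192.168.0.111:9100:9100"
  volumes:
    - /proc:/host/proc:ro
    - /sys:/host/sys:ro
    # The host root is mounted twice, at /rootfs and /host; the command below
    # points the exporter at /host.
    - /:/rootfs:ro
    - /:/host:ro,rslave
  command:
    - '--path.rootfs=/host'
    - '--path.procfs=/host/proc'
    - '--path.sysfs=/host/sys'
    # The flag and its regular expression are passed as two separate arguments.
    - --collector.filesystem.ignored-mount-points
    - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"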
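# cadvisor: container metrics collector with access to the host root,
# /sys, /var/run, Docker's data directory and /dev/kmsg.
cadvisor:
  image: gcr.io/cadvisor/cadvisor
  restart: always
  container_name: cadvisor
  devices:
    - "/dev/kmsg:/dev/kmsg"
  ports:
    # Bound to the LAN address used elsewhere in this file. The UI and metrics
    # on 8080 describe every container on the host.
    - "192.168.0.111:8080:8080"
  volumes:
    - /:/rootfs:ro
    # /var/run contains docker.sock. The mount is read-only, as in cAdvisor's
    # documented run command. That stops file changes under /var/run but does
    # not stop a process from talking to the Docker API through the socket.
    - /var/run:/var/run:ro
    - /sys:/sys:ro
    - /var/lib/docker/:/var/lib/docker:ro
    - /dev/disk/:/dev/disk:ro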
# gitlab: GitLab CE serving plain HTTP on port 80 inside the container; TLS is
# terminated by Traefik, and the HTTPS router is limited to WhitelistHome.
gitlab:
  image: gitlab/gitlab-ce:latest
  container_name: gitlab
  restart: always
  environment:
    # Omnibus settings passed as one multi-line string. The built-in nginx
    # listens without TLS and sets X-Forwarded-Proto/X-Forwarded-Ssl.
    # NOTE(review): the SMTP password is a placeholder; a real one placed here
    # is visible to anyone who can read this file or inspect the container.
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.example.ru'
      nginx['listen_port'] = 80
      nginx['listen_https'] = false
      nginx['proxy_set_headers'] = {
      "X-Forwarded-Proto" => "https",
      "X-Forwarded-Ssl" => "on"
      }
      gitlab_rails['smtp_enable'] = true
      gitlab_rails['smtp_address'] = "smtp.mail.ru"
      gitlab_rails['smtp_port'] = 465
      gitlab_rails['smtp_user_name'] = "noreply@example.ru"
      gitlab_rails['smtp_password'] = "password"
      gitlab_rails['smtp_domain'] = "mail.ru"
      gitlab_rails['smtp_authentication'] = "login"
      gitlab_rails['smtp_enable_starttls_auto'] = false
      gitlab_rails['smtp_tls'] = true
      gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
      gitlab_rails['gitlab_email_from'] = 'noreply@example.ru'
      gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.ru'
  shm_size: '256m'
  volumes:
    - "$DIR_CONF/gitlab:/etc/gitlab"
    - "$DIR_DATA/gitlab:/var/opt/gitlab"
    - "/etc/localtime:/etc/localtime:ro"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.gitlab.entrypoints=http"
    - "traefik.http.routers.gitlab.rule=Host(`gitlab.example.ru`)"
    - "traefik.http.middlewares.gitlab-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    - "traefik.http.routers.gitlab-secure.middlewares=WhitelistHome"
    - "traefik.http.routers.gitlab.middlewares=gitlab-https-redirect"
    - "traefik.http.routers.gitlab-secure.entrypoints=https"
    - "traefik.http.routers.gitlab-secure.rule=Host(`gitlab.example.ru`)"
    - "traefik.http.routers.gitlab-secure.tls=true"
    - "traefik.http.routers.gitlab-secure.service=gitlab"
    - "traefik.http.services.gitlab.loadbalancer.server.port=80"
    - "com.centurylinklabs.watchtower.enable=true"
# gitlab-runner: CI runner for the gitlab service, configured from
# $DIR_CONF/gitlab-runner.
gitlab-runner:
  image: 'gitlab/gitlab-runner:latest'
  container_name: gitlab-runner
  restart: always
  links:
    - gitlab
  volumes:
    - "$DIR_CONF/gitlab-runner:/etc/gitlab-runner"
    # NOTE(review): the host Docker socket is mounted read-write. Whatever the
    # runner executes with access to this socket controls the host's Docker
    # daemon, so anyone who can define a CI job effectively has root on this
    # host. Restrict who can run pipelines here, or use a dedicated runner host.
    - "/var/run/docker.sock:/var/run/docker.sock"
    - "/etc/localtime:/etc/localtime:ro"
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
# heimdall: dashboard published through Traefik behind WhitelistHome and
# Authelia.
heimdall:
  image: linuxserver/heimdall:latest
  container_name: heimdall
  restart: always
  environment:
    # The application runs as UID/GID 1000 rather than root.
    - PUID=1000
    - PGID=1000
    - TZ=Europe/Moscow
  volumes:
    - "$DIR_CONF/heimdall:/config"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.heimdall.rule=Host(`heimdall.example.ru`)"
    - "traefik.http.routers.heimdall.entrypoints=https"
    - "traefik.http.routers.heimdall.tls=true"
    - "traefik.http.routers.heimdall.middlewares=WhitelistHome,authelia@docker"
    - "com.centurylinklabs.watchtower.enable=true"
# mosquitto: MQTT broker. No host port is published, so it is reachable only
# from containers on the same Docker network.
mosquitto:
  image: eclipse-mosquitto
  container_name: mosquitto
  restart: always
  volumes:
    # Listener and authentication settings live in this directory, which is
    # not shown on the page.
    - "$DIR_CONF/mosquitto:/mosquitto"
# zigbee2mqtt: bridges the USB Zigbee dongle to the mosquitto broker; the web
# UI is published through Traefik for WhitelistHome only.
zigbee2mqtt:
  image: koenkk/zigbee2mqtt
  container_name: zigbee2mqtt
  restart: always
  depends_on:
    - mosquitto
  environment:
    - TZ=Europe/Moscow
  volumes:
    - "$DIR_CONF/zigbee2mqtt:/app/data"
    - "/run/udev:/run/udev:ro"
  devices:
    # Only this one serial device is passed through; the by-id path stays
    # stable across reboots and re-plugging.
    - /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_b8e81ef55b29ec119d78757840c9ce8d-if00-port0:/dev/ttyACM0
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee.example.ru`)"
    - "traefik.http.routers.zigbee2mqtt.entrypoints=https"
    - "traefik.http.routers.zigbee2mqtt.tls=true"
    - "traefik.http.routers.zigbee2mqtt.middlewares=WhitelistHome"
    - "traefik.http.services.zigbee2mqtt.loadbalancer.server.port=80"
    - "com.centurylinklabs.watchtower.enable=true"
# homeassistant: published through Traefik with an HTTP-to-HTTPS redirect.
homeassistant:
  image: homeassistant/home-assistant:latest
  container_name: homeassistant
  restart: always
  volumes:
    - "$DIR_CONF/homeassistant:/config"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.homeassistant.entrypoints=http"
    - "traefik.http.routers.homeassistant.rule=Host(`homeassistant.example.ru`)"
    - "traefik.http.middlewares.homeassistant-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    - "traefik.http.routers.homeassistant.middlewares=homeassistant-https-redirect"
    # NOTE(review): the HTTPS router has no middleware, so neither
    # WhitelistHome nor Authelia applies and the application's own login is
    # the only gate. Confirm that this is intended.
    - "traefik.http.routers.homeassistant-secure.entrypoints=https"
    - "traefik.http.routers.homeassistant-secure.rule=Host(`homeassistant.example.ru`)"
    - "traefik.http.routers.homeassistant-secure.tls=true"
    - "traefik.http.routers.homeassistant-secure.service=homeassistant"
    - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
# ytdl_material: published through Traefik behind WhitelistHome and Authelia.
ytdl_material:
  image: tzahi12345/youtubedl-material:latest
  container_name: ytdl
  restart: always
  environment:
    - ALLOW_CONFIG_MUTATIONS=true
    - ytdl_use_local_db=true
    - write_ytdl_config=true
  volumes:
    - "$DIR_CONF/ytdl/appdata:/app/appdata"
    # NOTE(review): DIR_MEDIA is not among the variables listed for
    # /srv/docker/.env on this page. If it is unset, Compose substitutes an
    # empty string and this becomes the host path /YOUTUBE. Define the
    # variable or use one of the existing $DIR_* values.
    - "$DIR_MEDIA/YOUTUBE:/app/video"
    - "$DIR_CONF/ytdl/subscriptions:/app/subscriptions"
    - "$DIR_CONF/ytdl/users:/app/users"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.ytdl.rule=Host(`ytdl.example.ru`)"
    - "traefik.http.routers.ytdl.entrypoints=https"
    - "traefik.http.routers.ytdl.tls=true"
    - "traefik.http.routers.ytdl.middlewares=WhitelistHome,authelia@docker"
    - "traefik.http.services.ytdl.loadbalancer.server.port=17442"
    - "com.centurylinklabs.watchtower.enable=true"
# duplicati: backs up /srv to /mnt/BACKUP; the web UI is published through
# Traefik behind WhitelistHome and Authelia.
duplicati:
  image: linuxserver/duplicati:latest
  container_name: duplicati
  restart: always
  environment:
    # NOTE(review): PUID/PGID 0 runs the application as root, and /srv is
    # mounted read-write below. This web UI can therefore read and change
    # every service's configuration and data, including the secrets stored
    # there. If restores into /srv are not needed, mounting the source with
    # `:ro` limits the impact of a compromise.
    - PUID=0
    - PGID=0
    - TZ=Europe/Moscow
  volumes:
    - "$DIR_CONF/duplicati:/config"
    - "/mnt/BACKUP:/backups"
    - "/srv:/source"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.duplicati.rule=Host(`duplicati.example.ru`)"
    - "traefik.http.routers.duplicati.entrypoints=https"
    - "traefik.http.routers.duplicati.tls=true"
    - "traefik.http.services.duplicati.loadbalancer.server.port=8200"
    - "traefik.http.routers.duplicati.middlewares=WhitelistHome,authelia@docker"
    - "com.centurylinklabs.watchtower.enable=true"
# minio: object storage with the S3 API on :9000 and the console on :9001;
# only the console is published through Traefik, for WhitelistHome.
minio:
  image: quay.io/minio/minio
  container_name: minio
  restart: always
  command: server /data --address ":9000" --console-address ":9001"
  environment:
    # NOTE(review): the root credentials are written in clear text and look
    # like sample values. Replace them with unique ones and supply them from
    # outside this file (for example through .env).
    MINIO_ROOT_USER: minio
    MINIO_ROOT_PASSWORD: miniopassword
  healthcheck:
    test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
    interval: 30s
    timeout: 20s
    retries: 3
  volumes:
    - "$DIR_DATA/minio:/data"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.minio.rule=Host(`minio.example.ru`)"
    - "traefik.http.routers.minio.entrypoints=https"
    - "traefik.http.routers.minio.tls=true"
    - "traefik.http.routers.minio.middlewares=WhitelistHome"
    - "traefik.http.services.minio.loadbalancer.server.port=9001"
    - "com.centurylinklabs.watchtower.enable=true"
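# redis: cache used by the nextcloud service, with append-only persistence in
# $DIR_DATA/redis.
redis:
  image: redis:5.0-alpine
  container_name: redis
  restart: always
  # No password option is passed on this command line, so every client that
  # can reach the port is accepted.
  command: redis-server --appendonly yes
  healthcheck:
    test: ["CMD", "redis-cli", "ping"]
  volumes:
    - $DIR_DATA/redis:/data
    - /etc/localtime:/etc/localtime:ro
  ports:
    # Bound to the LAN address used elsewhere in this file. A bare "6379:6379"
    # publishes the unauthenticated port on every host interface. Containers
    # in this project reach Redis by service name and do not need the host
    # mapping at all; drop it if nothing outside Docker connects.
    - "192.168.0.111:6379:6379"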
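# mysql: MariaDB instance shared by nextcloud, photoprism, ocs, zabbix and
# phpmyadmin.
# NOTE(review): no root-password variable is set here; presumably
# $DIR_DATA/mysql is already initialised. Confirm before a first start.
mysql:
  image: mariadb:10.8
  restart: always
  container_name: mysql
  # command: /usr/sbin/mysqld
  healthcheck:
    test: ["CMD", "mysqladmin", "ping", "-S", "/var/lib/mysql/mysqld.sock", "--silent"]
    interval: 5s
    timeout: 5s
    retries: 10
  ports:
    # Bound to the LAN address used elsewhere in this file. A bare "3306:3306"
    # publishes the database on every host interface. Services in this project
    # connect by the name "mysql" and do not need the host mapping; drop it if
    # nothing outside Docker connects.
    - "192.168.0.111:3306:3306"
  volumes:
    - $DIR_CONF/mysql/50-server.cnf:/etc/mysql/mariadb.conf.d/50-server.cnf
    - $DIR_DATA/mysql:/var/lib/mysql
    - /etc/localtime:/etc/localtime:ro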
# phpmyadmin: database UI for the mysql service, published through Traefik
# with an HTTP-to-HTTPS redirect and WhitelistHome on the HTTPS router.
phpmyadmin:
  image: phpmyadmin/phpmyadmin
  container_name: phpmyadmin
  environment:
    # PMA_ARBITRARY=0 with PMA_HOSTS=mysql keeps the login form from
    # connecting to arbitrary database servers.
    - PMA_ARBITRARY=0
    - PMA_HOSTS=mysql
    - UPLOAD_LIMIT=100M
    - HIDE_PHP_VERSION=true
  restart: always
  volumes:
    - "$DIR_CONF/phpmyadmin/session:/sessions"
    - "/etc/localtime:/etc/localtime:ro"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.pma.entrypoints=http"
    - "traefik.http.routers.pma.rule=Host(`phpmyadmin.example.ru`)"
    - "traefik.http.middlewares.pma-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    - "traefik.http.routers.pma-secure.middlewares=WhitelistHome"
    - "traefik.http.routers.pma.middlewares=pma-https-redirect"
    - "traefik.http.routers.pma-secure.entrypoints=https"
    - "traefik.http.routers.pma-secure.rule=Host(`phpmyadmin.example.ru`)"
    - "traefik.http.routers.pma-secure.tls=true"
    - "traefik.http.routers.pma-secure.service=pma"
    - "traefik.http.services.pma.loadbalancer.server.port=80"
    - "com.centurylinklabs.watchtower.enable=true"
# portainer: Docker management UI published through Traefik with an
# HTTP-to-HTTPS redirect and WhitelistHome on the HTTPS router.
portainer:
  image: portainer/portainer-ce
  container_name: portainer
  restart: unless-stopped
  security_opt:
    - no-new-privileges:true
  volumes:
    # NOTE(review): `:ro` protects only the socket file. Portainer still has
    # full access to the Docker API through it, so an account in this UI is
    # equivalent to root on the host.
    - "/var/run/docker.sock:/var/run/docker.sock:ro"
    - "$DIR_CONF/portainer/data:/data"
    - "/etc/localtime:/etc/localtime:ro"
  environment:
    - TZ=Europe/Moscow
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.portainer.entrypoints=http"
    - "traefik.http.routers.portainer.rule=Host(`portainer.example.ru`)"
    - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    - "traefik.http.routers.portainer-secure.middlewares=WhitelistHome"
    - "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
    - "traefik.http.routers.portainer-secure.entrypoints=https"
    - "traefik.http.routers.portainer-secure.rule=Host(`portainer.example.ru`)"
    - "traefik.http.routers.portainer-secure.tls=true"
    - "traefik.http.routers.portainer-secure.service=portainer"
    - "traefik.http.services.portainer.loadbalancer.server.port=9000"
    - "com.centurylinklabs.watchtower.enable=true"
# watchtower: updates the containers that carry the label
# com.centurylinklabs.watchtower.enable=true (WATCHTOWER_LABEL_ENABLE).
watchtower:
  image: containrrr/watchtower
  container_name: watchtower
  restart: always
  volumes:
    # NOTE(review): read-write access to the Docker socket lets Watchtower
    # replace containers. Combined with the `latest` and untagged images in
    # this file, whatever is published under those tags is pulled and started
    # without review. Pinned tags or digests limit that exposure for
    # sensitive services.
    - "/var/run/docker.sock:/var/run/docker.sock"
    - "/etc/timezone:/etc/timezone:ro"
  environment:
    - WATCHTOWER_CLEANUP=true
    - WATCHTOWER_LABEL_ENABLE=true
    - WATCHTOWER_INCLUDE_RESTARTING=true
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
# ocs: OCS Inventory using the mysql service, published through Traefik with
# an HTTP-to-HTTPS redirect and WhitelistHome on the HTTPS router.
ocs:
  image: ocsinventory/ocsinventory-docker-image:latest
  container_name: ocs
  restart: always
  volumes:
    - "/etc/localtime:/etc/localtime:ro"
  environment:
    OCS_DB_SERVER: mysql
    OCS_DB_USER: ocs
    # Placeholder value; use a unique password and keep it out of this file.
    OCS_DB_PASS: password
    OCS_DB_NAME: ocs
  depends_on:
    - mysql
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.ocs.entrypoints=http"
    - "traefik.http.routers.ocs.rule=Host(`ocs.example.ru`)"
    - "traefik.http.middlewares.ocs-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    - "traefik.http.routers.ocs-secure.middlewares=WhitelistHome"
    - "traefik.http.routers.ocs.middlewares=ocs-https-redirect"
    - "traefik.http.routers.ocs-secure.entrypoints=https"
    - "traefik.http.routers.ocs-secure.rule=Host(`ocs.example.ru`)"
    - "traefik.http.routers.ocs-secure.tls=true"
    - "traefik.http.routers.ocs-secure.service=ocs"
    - "traefik.http.services.ocs.loadbalancer.server.port=80"
    - "com.centurylinklabs.watchtower.enable=true"
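# zabbix-web-nginx-mysql: Zabbix web front end using the mysql service,
# published through Traefik for WhitelistHome only.
zabbix-web-nginx-mysql:
  image: zabbix/zabbix-web-nginx-mysql:latest
  container_name: zabbix-web
  restart: always
  healthcheck:
    test: ["CMD", "curl", "-f", "http://localhost:8080/"]
    interval: 10s
    timeout: 5s
    retries: 3
    start_period: 30s
  environment:
    DB_SERVER_HOST: mysql
    MYSQL_DATABASE: zabbix
    MYSQL_USER: zabbix
    # Placeholder value; use a unique password and keep it out of this file.
    MYSQL_PASSWORD: password
  volumes:
    - /etc/localtime:/etc/localtime:ro
  # The original listing repeated the `labels:` key; a single key is kept so
  # the list below is what Compose applies.
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.zabbix.rule=Host(`zabbix.example.ru`)"
    - "traefik.http.routers.zabbix.entrypoints=https"
    - "traefik.http.routers.zabbix.tls=true"
    - "traefik.http.services.zabbix.loadbalancer.server.port=8080"
    - "traefik.http.routers.zabbix.middlewares=WhitelistHome"
    - "com.centurylinklabs.watchtower.enable=true"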
# zabbix-java-gateway: referenced by zabbix-server-mysql through
# ZBX_JAVAGATEWAY. No host port or Traefik router is defined for it.
zabbix-java-gateway:
  image: zabbix/zabbix-java-gateway:latest
  container_name: zabbix-gateway
  restart: always
  volumes:
    - "/etc/localtime:/etc/localtime:ro"
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
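# zabbix-server-mysql: Zabbix server using the mysql service and the
# zabbix-java-gateway service.
# The original listing defined this service twice with the same settings.
# Duplicate mapping keys are invalid YAML and most parsers silently keep only
# the last one, so a single definition is kept.
zabbix-server-mysql:
  image: zabbix/zabbix-server-mysql:latest
  container_name: zabbix-server
  restart: always
  depends_on:
    - zabbix-java-gateway
  environment:
    DB_SERVER_HOST: mysql
    MYSQL_DATABASE: zabbix
    MYSQL_USER: zabbix
    # Placeholder value; use a unique password and keep it out of this file.
    MYSQL_PASSWORD: password
    ZBX_JAVAGATEWAY: zabbix-java-gateway
  volumes:
    - /etc/localtime:/etc/localtime:ro
  labels:
    - "com.centurylinklabs.watchtower.enable=true"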
# php56: PHP-FPM image built from $DIR_BUILD/php56 and used by nginx
# (see its depends_on); it mounts the site.example.ru document root.
php56:
  image: daffin/php5.6-fpm
  build: $DIR_BUILD/php56
  container_name: php56
  restart: always
  volumes:
    - "$DIR_WWW/site.example.ru:/media/www/srv/site.example.ru"
    - "$DIR_CONF/php-fpm/www.conf:/usr/local/etc/php-fpm.d/www.conf"
    - "$DIR_LOGS/php-fpm/php56:/var/log/php"
    - "/etc/localtime:/etc/localtime:ro"
# php7: PHP-FPM image built from $DIR_BUILD/php73 and used by nginx
# (see its depends_on); it mounts the example.ru document root.
php7:
  image: daffin/php7.3-fpm
  build: $DIR_BUILD/php73
  container_name: php7
  restart: always
  volumes:
    - "$DIR_WWW/example.ru:/media/www/srv/example.ru"
    - "$DIR_LOGS/php-fpm/php7:/var/log/php"
    - "/etc/localtime:/etc/localtime:ro"
# calibre: calibre-web published through Traefik with an HTTP-to-HTTPS
# redirect and WhitelistHome on the HTTPS router.
calibre:
  image: linuxserver/calibre-web
  container_name: calibre
  restart: always
  volumes:
    - "$DIR_CONF/calibre:/config"
    - "$DIR_DATA/calibre:/books"
    - "/etc/localtime:/etc/localtime:ro"
  environment:
    # The application runs as UID/GID 1000 rather than root.
    PUID: 1000
    PGID: 1000
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.calibre.entrypoints=http"
    - "traefik.http.routers.calibre.rule=Host(`calibre.example.ru`)"
    - "traefik.http.middlewares.calibre-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    - "traefik.http.routers.calibre-secure.middlewares=WhitelistHome"
    - "traefik.http.routers.calibre.middlewares=calibre-https-redirect"
    - "traefik.http.routers.calibre-secure.entrypoints=https"
    - "traefik.http.routers.calibre-secure.rule=Host(`calibre.example.ru`)"
    - "traefik.http.routers.calibre-secure.tls=true"
    - "traefik.http.routers.calibre-secure.service=calibre"
    - "traefik.http.services.calibre.loadbalancer.server.port=8083"
# rutorrent: the web UI is published through Traefik for WhitelistHome; the
# two host ports below are published on every interface.
rutorrent:
  image: linuxserver/rutorrent
  container_name: rutorrent
  restart: always
  environment:
    - PUID=1000
    - PGID=1000
  ports:
    # Quoted so the mappings are always read as strings.
    - "51413:51413"
    - "6881:6881/udp"
  volumes:
    - "$DIR_CONF/rutorrent:/config"
    - "$DIR_DATA/rutorrent:/downloads"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.rutorrent.rule=Host(`rutorrent.example.ru`)"
    - "traefik.http.routers.rutorrent.entrypoints=https"
    - "traefik.http.routers.rutorrent.tls=true"
    - "traefik.http.routers.rutorrent.middlewares=WhitelistHome"
    - "com.centurylinklabs.watchtower.enable=true"
# registry: private image registry with htpasswd authentication, published
# through Traefik at registry.example.ru.
registry:
  image: registry:latest
  container_name: registry
  restart: always
  volumes:
    - "$DIR_DATA/registry:/var/lib/registry"
    - "$DIR_CONF/registry/auth:/auth"
    - "/etc/localtime:/etc/localtime:ro"
  environment:
    REGISTRY_AUTH: htpasswd
    REGISTRY_AUTH_HTPASSWD_REALM: Registry
    REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.registry.rule=Host(`registry.example.ru`)"
    - "traefik.http.routers.registry.entrypoints=https"
    - "traefik.http.routers.registry.tls=true"
    # NOTE(review): no middleware is attached, so the htpasswd file is the
    # only control on who can push or pull. The filebeat service pulls its
    # image from this registry, so a pushed image ends up running on this host.
    - "traefik.http.services.registry.loadbalancer.server.port=5000"
    - "com.centurylinklabs.watchtower.enable=true"
# codeserver: browser IDE published through Traefik with an HTTP-to-HTTPS
# redirect; the HTTPS router requires WhitelistHome and Authelia.
codeserver:
  image: codercom/code-server
  container_name: codeserver
  restart: always
  # NOTE(review): `--auth none` disables code-server's own login, so the
  # Traefik middlewares below are the only access control. Containers on the
  # same Docker network reach port 8080, and the terminal it offers, without
  # passing through them.
  command: --auth none --disable-telemetry
  volumes:
    - "$DIR_CONF/codeserver/coder:/home/coder"
    - "/etc/localtime:/etc/localtime:ro"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.codeserver.entrypoints=http"
    - "traefik.http.routers.codeserver.rule=Host(`codeserver.example.ru`)"
    - "traefik.http.middlewares.codeserver-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
    - "traefik.http.routers.codeserver-secure.middlewares=WhitelistHome,authelia@docker"
    - "traefik.http.routers.codeserver.middlewares=codeserver-https-redirect"
    - "traefik.http.routers.codeserver-secure.entrypoints=https"
    - "traefik.http.routers.codeserver-secure.rule=Host(`codeserver.example.ru`)"
    - "traefik.http.routers.codeserver-secure.tls=true"
    - "traefik.http.routers.codeserver-secure.service=codeserver"
    - "traefik.http.services.codeserver.loadbalancer.server.port=8080"
    - "com.centurylinklabs.watchtower.enable=true"
# grafana: dashboards stored in $DIR_DATA/grafana, published through Traefik
# for WhitelistHome only.
grafana:
  image: grafana/grafana-oss:latest
  container_name: grafana
  restart: always
  volumes:
    - "$DIR_DATA/grafana:/var/lib/grafana"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.grafana.rule=Host(`grafana.example.ru`)"
    - "traefik.http.routers.grafana.entrypoints=https"
    - "traefik.http.routers.grafana.tls=true"
    - "traefik.http.services.grafana.loadbalancer.server.port=3000"
    - "traefik.http.routers.grafana.middlewares=WhitelistHome"
    - "com.centurylinklabs.watchtower.enable=true"
# trilium: notes application published through Traefik behind Authelia.
trilium:
  image: zadam/trilium:0.45-latest
  container_name: trilium
  restart: always
  environment:
    - TRILIUM_DATA_DIR=/data
  volumes:
    - "$DIR_DATA/trilium:/data"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.trilium.rule=Host(`trilium.example.ru`)"
    - "traefik.http.routers.trilium.entrypoints=https"
    - "traefik.http.routers.trilium.tls=true"
    # Authelia only: this router does not list WhitelistHome, so it is not
    # restricted by source address.
    - "traefik.http.routers.trilium.middlewares=authelia@docker"
    - "traefik.http.services.trilium.loadbalancer.server.port=8080"
    - "com.centurylinklabs.watchtower.enable=true"
# jellyfin: media server published through Traefik for WhitelistHome, with
# the default-headers@file middleware applied.
jellyfin:
  image: jellyfin/jellyfin
  container_name: jellyfin
  restart: always
  volumes:
    - "$DIR_CONF/jellyfin/config:/config"
    # The media library is mounted read-only, so the server cannot modify it.
    - "$DIR_DATA/ФИЛЬМЫ:/data/movies:ro"
  environment:
    - PUID=1000
    - PGID=1000
    - TZ=Europe/Moscow
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.example.ru`)"
    - "traefik.http.routers.jellyfin.entrypoints=https"
    - "traefik.http.routers.jellyfin.tls=true"
    - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
    - "traefik.http.routers.jellyfin.middlewares=WhitelistHome,default-headers@file"
    - "com.centurylinklabs.watchtower.enable=true"