feat: tailscale sidecar
This commit is contained in:
@@ -96,8 +96,7 @@ services:
|
|||||||
image: ghcr.io/berriai/litellm:main-latest
|
image: ghcr.io/berriai/litellm:main-latest
|
||||||
container_name: ${AI_COMPOSE_PROJECT_NAME}_litellm
|
container_name: ${AI_COMPOSE_PROJECT_NAME}_litellm
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
dns:
|
network_mode: "service:tailscale"
|
||||||
- 100.100.100.100 # Tailscale's MagicDNS resolver
|
|
||||||
environment:
|
environment:
|
||||||
TZ: ${TIMEZONE:-Europe/Berlin}
|
TZ: ${TIMEZONE:-Europe/Berlin}
|
||||||
ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
|
ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
|
||||||
@@ -188,8 +187,7 @@ services:
|
|||||||
image: nginx:alpine
|
image: nginx:alpine
|
||||||
container_name: ${AI_COMPOSE_PROJECT_NAME}_comfyui
|
container_name: ${AI_COMPOSE_PROJECT_NAME}_comfyui
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
dns:
|
network_mode: "service:tailscale"
|
||||||
- 100.100.100.100 # Tailscale's MagicDNS resolver
|
|
||||||
environment:
|
environment:
|
||||||
TZ: ${TIMEZONE:-Europe/Berlin}
|
TZ: ${TIMEZONE:-Europe/Berlin}
|
||||||
GPU_SERVICE_HOST: ${GPU_TAILSCALE_HOST}
|
GPU_SERVICE_HOST: ${GPU_TAILSCALE_HOST}
|
||||||
@@ -222,8 +220,7 @@ services:
|
|||||||
image: nginx:alpine
|
image: nginx:alpine
|
||||||
container_name: ${AI_COMPOSE_PROJECT_NAME}_audiocraft
|
container_name: ${AI_COMPOSE_PROJECT_NAME}_audiocraft
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
dns:
|
network_mode: "service:tailscale"
|
||||||
- 100.100.100.100 # Tailscale's MagicDNS resolver
|
|
||||||
environment:
|
environment:
|
||||||
TZ: ${TIMEZONE:-Europe/Berlin}
|
TZ: ${TIMEZONE:-Europe/Berlin}
|
||||||
GPU_SERVICE_HOST: ${GPU_TAILSCALE_HOST}
|
GPU_SERVICE_HOST: ${GPU_TAILSCALE_HOST}
|
||||||
@@ -256,8 +253,7 @@ services:
|
|||||||
image: nginx:alpine
|
image: nginx:alpine
|
||||||
container_name: ${AI_COMPOSE_PROJECT_NAME}_upscale
|
container_name: ${AI_COMPOSE_PROJECT_NAME}_upscale
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
dns:
|
network_mode: "service:tailscale"
|
||||||
- 100.100.100.100 # Tailscale's MagicDNS resolver
|
|
||||||
environment:
|
environment:
|
||||||
TZ: ${TIMEZONE:-Europe/Berlin}
|
TZ: ${TIMEZONE:-Europe/Berlin}
|
||||||
GPU_SERVICE_HOST: ${GPU_TAILSCALE_HOST}
|
GPU_SERVICE_HOST: ${GPU_TAILSCALE_HOST}
|
||||||
@@ -291,8 +287,7 @@ services:
|
|||||||
image: dev.pivoine.art/valknar/supervisor-ui:latest
|
image: dev.pivoine.art/valknar/supervisor-ui:latest
|
||||||
container_name: ${AI_COMPOSE_PROJECT_NAME}_supervisor_ui
|
container_name: ${AI_COMPOSE_PROJECT_NAME}_supervisor_ui
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
dns:
|
network_mode: "service:tailscale"
|
||||||
- 100.100.100.100 # Tailscale's MagicDNS resolver
|
|
||||||
environment:
|
environment:
|
||||||
TZ: ${TIMEZONE:-Europe/Berlin}
|
TZ: ${TIMEZONE:-Europe/Berlin}
|
||||||
NODE_ENV: production
|
NODE_ENV: production
|
||||||
|
|||||||
195
net/compose.yaml
195
net/compose.yaml
@@ -6,49 +6,49 @@ services:
|
|||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command:
|
command:
|
||||||
# API & Dashboard
|
# API & Dashboard
|
||||||
- '--api.dashboard=true'
|
- "--api.dashboard=true"
|
||||||
- '--api.insecure=false'
|
- "--api.insecure=false"
|
||||||
|
|
||||||
# Ping endpoint for healthcheck
|
# Ping endpoint for healthcheck
|
||||||
- '--ping=true'
|
- "--ping=true"
|
||||||
|
|
||||||
# Experimental plugins
|
# Experimental plugins
|
||||||
- '--experimental.plugins.sablier.modulename=github.com/acouvreur/sablier'
|
- "--experimental.plugins.sablier.modulename=github.com/acouvreur/sablier"
|
||||||
- '--experimental.plugins.sablier.version=v1.8.0'
|
- "--experimental.plugins.sablier.version=v1.8.0"
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
- '--log.level=${NET_PROXY_LOG_LEVEL:-INFO}'
|
- "--log.level=${NET_PROXY_LOG_LEVEL:-INFO}"
|
||||||
- '--accesslog=true'
|
- "--accesslog=true"
|
||||||
|
|
||||||
# Global
|
# Global
|
||||||
- '--global.sendAnonymousUsage=false'
|
- "--global.sendAnonymousUsage=false"
|
||||||
- '--global.checkNewVersion=true'
|
- "--global.checkNewVersion=true"
|
||||||
|
|
||||||
# Docker Provider
|
# Docker Provider
|
||||||
- '--providers.docker=true'
|
- "--providers.docker=true"
|
||||||
- '--providers.docker.exposedbydefault=false'
|
- "--providers.docker.exposedbydefault=false"
|
||||||
- '--providers.docker.network=${NETWORK_NAME}'
|
- "--providers.docker.network=${NETWORK_NAME}"
|
||||||
|
|
||||||
# File Provider for dynamic configuration
|
# File Provider for dynamic configuration
|
||||||
- '--providers.file.directory=/etc/traefik/dynamic'
|
- "--providers.file.directory=/etc/traefik/dynamic"
|
||||||
- '--providers.file.watch=true'
|
- "--providers.file.watch=true"
|
||||||
|
|
||||||
# Entrypoints
|
# Entrypoints
|
||||||
- '--entrypoints.web.address=:${NET_PROXY_PORT_HTTP:-80}'
|
- "--entrypoints.web.address=:${NET_PROXY_PORT_HTTP:-80}"
|
||||||
- '--entrypoints.web-secure.address=:${NET_PROXY_PORT_HTTPS:-443}'
|
- "--entrypoints.web-secure.address=:${NET_PROXY_PORT_HTTPS:-443}"
|
||||||
|
|
||||||
# Global HTTP to HTTPS redirect
|
# Global HTTP to HTTPS redirect
|
||||||
- '--entrypoints.web.http.redirections.entryPoint.to=web-secure'
|
- "--entrypoints.web.http.redirections.entryPoint.to=web-secure"
|
||||||
- '--entrypoints.web.http.redirections.entryPoint.scheme=https'
|
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
||||||
- '--entrypoints.web.http.redirections.entryPoint.permanent=true'
|
- "--entrypoints.web.http.redirections.entryPoint.permanent=true"
|
||||||
|
|
||||||
# Security Headers (applied globally)
|
# Security Headers (applied globally)
|
||||||
- '--entrypoints.web-secure.http.middlewares=security-headers@file'
|
- "--entrypoints.web-secure.http.middlewares=security-headers@file"
|
||||||
|
|
||||||
# Let's Encrypt
|
# Let's Encrypt
|
||||||
- '--certificatesresolvers.resolver.acme.tlschallenge=true'
|
- "--certificatesresolvers.resolver.acme.tlschallenge=true"
|
||||||
- '--certificatesresolvers.resolver.acme.email=${ADMIN_EMAIL}'
|
- "--certificatesresolvers.resolver.acme.email=${ADMIN_EMAIL}"
|
||||||
- '--certificatesresolvers.resolver.acme.storage=/letsencrypt/acme.json'
|
- "--certificatesresolvers.resolver.acme.storage=/letsencrypt/acme.json"
|
||||||
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "traefik", "healthcheck", "--ping"]
|
test: ["CMD", "traefik", "healthcheck", "--ping"]
|
||||||
@@ -74,20 +74,20 @@ services:
|
|||||||
- ./dynamic:/etc/traefik/dynamic:ro
|
- ./dynamic:/etc/traefik/dynamic:ro
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
- 'traefik.enable=true'
|
- "traefik.enable=true"
|
||||||
# HTTP to HTTPS redirect
|
# HTTP to HTTPS redirect
|
||||||
- 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-traefik-redirect-web-secure.redirectscheme.scheme=https'
|
- "traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-traefik-redirect-web-secure.redirectscheme.scheme=https"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web.middlewares=${NET_COMPOSE_PROJECT_NAME}-traefik-redirect-web-secure'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web.middlewares=${NET_COMPOSE_PROJECT_NAME}-traefik-redirect-web-secure"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web.rule=Host(`${NET_PROXY_TRAEFIK_HOST}`)'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web.rule=Host(`${NET_PROXY_TRAEFIK_HOST}`)"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web.entrypoints=web'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web.entrypoints=web"
|
||||||
# HTTPS router with auth
|
# HTTPS router with auth
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.rule=Host(`${NET_PROXY_TRAEFIK_HOST}`)'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.rule=Host(`${NET_PROXY_TRAEFIK_HOST}`)"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.tls.certresolver=resolver'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.tls.certresolver=resolver"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.entrypoints=web-secure'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.entrypoints=web-secure"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.service=api@internal'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.service=api@internal"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.middlewares=${NET_COMPOSE_PROJECT_NAME}-authelia,security-headers@file'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.middlewares=${NET_COMPOSE_PROJECT_NAME}-authelia,security-headers@file"
|
||||||
- 'traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.loadbalancer.server.port=8080'
|
- "traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-traefik-web-secure.loadbalancer.server.port=8080"
|
||||||
- 'traefik.docker.network=${NETWORK_NAME}'
|
- "traefik.docker.network=${NETWORK_NAME}"
|
||||||
|
|
||||||
# Netdata - Real-time monitoring
|
# Netdata - Real-time monitoring
|
||||||
netdata:
|
netdata:
|
||||||
@@ -128,23 +128,23 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- compose_network
|
- compose_network
|
||||||
labels:
|
labels:
|
||||||
- 'traefik.enable=${NET_TRAEFIK_ENABLED}'
|
- "traefik.enable=${NET_TRAEFIK_ENABLED}"
|
||||||
# HTTP to HTTPS redirect
|
# HTTP to HTTPS redirect
|
||||||
- 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-netdata-redirect-web-secure.redirectscheme.scheme=https'
|
- "traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-netdata-redirect-web-secure.redirectscheme.scheme=https"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web.middlewares=${NET_COMPOSE_PROJECT_NAME}-netdata-redirect-web-secure'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web.middlewares=${NET_COMPOSE_PROJECT_NAME}-netdata-redirect-web-secure"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web.rule=Host(`${NET_NETDATA_TRAEFIK_HOST}`)'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web.rule=Host(`${NET_NETDATA_TRAEFIK_HOST}`)"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web.entrypoints=web'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web.entrypoints=web"
|
||||||
# HTTPS router
|
# HTTPS router
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web-secure.rule=Host(`${NET_NETDATA_TRAEFIK_HOST}`)'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web-secure.rule=Host(`${NET_NETDATA_TRAEFIK_HOST}`)"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web-secure.tls.certresolver=resolver'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web-secure.tls.certresolver=resolver"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web-secure.entrypoints=web-secure'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web-secure.entrypoints=web-secure"
|
||||||
- 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-netdata-compress.compress=true'
|
- "traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-netdata-compress.compress=true"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web-secure.middlewares=${NET_COMPOSE_PROJECT_NAME}-netdata-compress,${NET_COMPOSE_PROJECT_NAME}-authelia,security-headers@file'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-netdata-web-secure.middlewares=${NET_COMPOSE_PROJECT_NAME}-netdata-compress,${NET_COMPOSE_PROJECT_NAME}-authelia,security-headers@file"
|
||||||
# Service
|
# Service
|
||||||
- 'traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-netdata.loadbalancer.server.port=19999'
|
- "traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-netdata.loadbalancer.server.port=19999"
|
||||||
- 'traefik.docker.network=${NETWORK_NAME}'
|
- "traefik.docker.network=${NETWORK_NAME}"
|
||||||
# Watchtower
|
# Watchtower
|
||||||
- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
|
- "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
|
||||||
|
|
||||||
# Watchtower - Automatic container updates
|
# Watchtower - Automatic container updates
|
||||||
watchtower:
|
watchtower:
|
||||||
@@ -202,7 +202,8 @@ services:
|
|||||||
- compose_network
|
- compose_network
|
||||||
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD-SHELL", "curl -f http://localhost:3000/api/heartbeat || exit 1"]
|
test:
|
||||||
|
["CMD-SHELL", "curl -f http://localhost:3000/api/heartbeat || exit 1"]
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 5
|
retries: 5
|
||||||
@@ -210,21 +211,21 @@ services:
|
|||||||
|
|
||||||
labels:
|
labels:
|
||||||
# Traefik Configuration
|
# Traefik Configuration
|
||||||
- 'traefik.enable=${NET_TRAEFIK_ENABLED}'
|
- "traefik.enable=${NET_TRAEFIK_ENABLED}"
|
||||||
|
|
||||||
# HTTP to HTTPS redirect
|
# HTTP to HTTPS redirect
|
||||||
- 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-umami-redirect-web-secure.redirectscheme.scheme=https'
|
- "traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-umami-redirect-web-secure.redirectscheme.scheme=https"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web.middlewares=${NET_COMPOSE_PROJECT_NAME}-umami-redirect-web-secure'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web.middlewares=${NET_COMPOSE_PROJECT_NAME}-umami-redirect-web-secure"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web.rule=Host(`${NET_TRACK_TRAEFIK_HOST}`)'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web.rule=Host(`${NET_TRACK_TRAEFIK_HOST}`)"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web.entrypoints=web'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web.entrypoints=web"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.rule=Host(`${NET_TRACK_TRAEFIK_HOST}`)'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.rule=Host(`${NET_TRACK_TRAEFIK_HOST}`)"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.tls.certresolver=resolver'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.tls.certresolver=resolver"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.entrypoints=web-secure'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.entrypoints=web-secure"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.middlewares=security-headers@file'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.middlewares=security-headers@file"
|
||||||
- 'traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.loadbalancer.server.port=3000'
|
- "traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.loadbalancer.server.port=3000"
|
||||||
- 'traefik.docker.network=${NETWORK_NAME}'
|
- "traefik.docker.network=${NETWORK_NAME}"
|
||||||
# Watchtower
|
# Watchtower
|
||||||
- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
|
- "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
|
||||||
|
|
||||||
# Mailpit - SMTP server with web UI
|
# Mailpit - SMTP server with web UI
|
||||||
mailpit:
|
mailpit:
|
||||||
@@ -250,22 +251,22 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- compose_network
|
- compose_network
|
||||||
labels:
|
labels:
|
||||||
- 'traefik.enable=${NET_TRAEFIK_ENABLED}'
|
- "traefik.enable=${NET_TRAEFIK_ENABLED}"
|
||||||
# HTTP to HTTPS redirect
|
# HTTP to HTTPS redirect
|
||||||
- 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-mailpit-redirect-web-secure.redirectscheme.scheme=https'
|
- "traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-mailpit-redirect-web-secure.redirectscheme.scheme=https"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web.middlewares=${NET_COMPOSE_PROJECT_NAME}-mailpit-redirect-web-secure'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web.middlewares=${NET_COMPOSE_PROJECT_NAME}-mailpit-redirect-web-secure"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web.rule=Host(`${NET_MAILPIT_TRAEFIK_HOST}`)'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web.rule=Host(`${NET_MAILPIT_TRAEFIK_HOST}`)"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web.entrypoints=web'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web.entrypoints=web"
|
||||||
# HTTPS router with auth
|
# HTTPS router with auth
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web-secure.rule=Host(`${NET_MAILPIT_TRAEFIK_HOST}`)'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web-secure.rule=Host(`${NET_MAILPIT_TRAEFIK_HOST}`)"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web-secure.tls.certresolver=resolver'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web-secure.tls.certresolver=resolver"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web-secure.entrypoints=web-secure'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web-secure.entrypoints=web-secure"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web-secure.middlewares=${NET_COMPOSE_PROJECT_NAME}-authelia,security-headers@file'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-mailpit-web-secure.middlewares=${NET_COMPOSE_PROJECT_NAME}-authelia,security-headers@file"
|
||||||
# Service
|
# Service
|
||||||
- 'traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-mailpit-web-secure.loadbalancer.server.port=8025'
|
- "traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-mailpit-web-secure.loadbalancer.server.port=8025"
|
||||||
- 'traefik.docker.network=${NETWORK_NAME}'
|
- "traefik.docker.network=${NETWORK_NAME}"
|
||||||
# Watchtower
|
# Watchtower
|
||||||
- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
|
- "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
|
||||||
|
|
||||||
# Authelia - SSO and authentication portal
|
# Authelia - SSO and authentication portal
|
||||||
authelia:
|
authelia:
|
||||||
@@ -285,27 +286,41 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- compose_network
|
- compose_network
|
||||||
labels:
|
labels:
|
||||||
- 'traefik.enable=${NET_TRAEFIK_ENABLED}'
|
- "traefik.enable=${NET_TRAEFIK_ENABLED}"
|
||||||
# HTTP to HTTPS redirect
|
# HTTP to HTTPS redirect
|
||||||
- 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia-redirect-web-secure.redirectscheme.scheme=https'
|
- "traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia-redirect-web-secure.redirectscheme.scheme=https"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web.middlewares=${NET_COMPOSE_PROJECT_NAME}-authelia-redirect-web-secure'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web.middlewares=${NET_COMPOSE_PROJECT_NAME}-authelia-redirect-web-secure"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web.rule=Host(`${NET_AUTHELIA_TRAEFIK_HOST}`)'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web.rule=Host(`${NET_AUTHELIA_TRAEFIK_HOST}`)"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web.entrypoints=web'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web.entrypoints=web"
|
||||||
# HTTPS router
|
# HTTPS router
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.rule=Host(`${NET_AUTHELIA_TRAEFIK_HOST}`)'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.rule=Host(`${NET_AUTHELIA_TRAEFIK_HOST}`)"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.tls.certresolver=resolver'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.tls.certresolver=resolver"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.entrypoints=web-secure'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.entrypoints=web-secure"
|
||||||
- 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.middlewares=security-headers@file'
|
- "traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.middlewares=security-headers@file"
|
||||||
# Service
|
# Service
|
||||||
- 'traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.loadbalancer.server.port=9091'
|
- "traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.loadbalancer.server.port=9091"
|
||||||
- 'traefik.docker.network=${NETWORK_NAME}'
|
- "traefik.docker.network=${NETWORK_NAME}"
|
||||||
# ForwardAuth middleware for other services
|
# ForwardAuth middleware for other services
|
||||||
- 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.address=http://net_authelia:9091/api/authz/forward-auth'
|
- "traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.address=http://net_authelia:9091/api/authz/forward-auth"
|
||||||
- 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.trustForwardHeader=true'
|
- "traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.trustForwardHeader=true"
|
||||||
- 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
|
- "traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
|
||||||
- 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authResponseHeadersRegex=^Remote-'
|
- "traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authResponseHeadersRegex=^Remote-"
|
||||||
# Watchtower
|
# Watchtower
|
||||||
- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
|
- "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
|
||||||
|
|
||||||
|
tailscale:
|
||||||
|
image: tailscale/tailscale:latest
|
||||||
|
hostname: vps
|
||||||
|
cap_add:
|
||||||
|
- NET_ADMIN
|
||||||
|
- SYS_MODULE
|
||||||
|
volumes:
|
||||||
|
- tailscale-state:/var/lib/tailscale
|
||||||
|
- /dev/net/tun:/dev/net/tun
|
||||||
|
environment:
|
||||||
|
- TS_AUTHKEY=${TAILSCALE_AUTHKEY}
|
||||||
|
- TS_STATE_DIR=/var/lib/tailscale
|
||||||
|
restart: unless-stopped
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
letsencrypt_data:
|
letsencrypt_data:
|
||||||
@@ -320,6 +335,8 @@ volumes:
|
|||||||
name: ${NET_COMPOSE_PROJECT_NAME}_mailpit_data
|
name: ${NET_COMPOSE_PROJECT_NAME}_mailpit_data
|
||||||
authelia_config:
|
authelia_config:
|
||||||
name: ${NET_COMPOSE_PROJECT_NAME}_authelia_config
|
name: ${NET_COMPOSE_PROJECT_NAME}_authelia_config
|
||||||
|
tailscale-state:
|
||||||
|
name: ${NET_COMPOSE_PROJECT_NAME}_tailscale_state
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
compose_network:
|
compose_network:
|
||||||
|
|||||||
Reference in New Issue
Block a user