# /opt/docker-compose.yml --- version: '2' services: #Plex server stats page tautulli: image: linuxserver/tautulli:latest container_name: tautulli environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} volumes: - /opt/appdata/tautulli:/config - /opt/appdata/tautulli/Library/Application\ Support/Plex\ Media\ Server/Logs:/logs ports: - 8181:8181 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=tautulli" - "traefik.frontend.rule=Host:plexstats.${DOMAINNAME}" - "traefik.port=8181" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" restart: unless-stopped #Grabber, manage TV shows sonarr: image: linuxserver/sonarr:latest container_name: sonarr volumes: - /opt/appdata/sonarr:/config - /mnt/storage/tv:/tv - /downloads/:/downloads - /downloads/complete/tv_import:/tv_import ports: - 27021:8989 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=sonarr" - "traefik.frontend.rule=Host:sonarr.${DOMAINNAME}" # - "traefik.port=8989" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" restart: always environment: - PUID=${PUID} - PGID=${PGID} #Grabber, manage movies radarr: image: linuxserver/radarr:latest container_name: radarr volumes: - /opt/appdata/radarr:/config - /downloads:/downloads - /mnt/storage/movies:/movies - /downloads/watch:/watch ports: - 7878:7878 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=radarr" - "traefik.frontend.rule=Host:radarr.${DOMAINNAME}" # - "traefik.port=7878" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" restart: always environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} #Manager, Used to maintain docker containers portainer: image: portainer/portainer:latest container_name: portainer ports: - 9000:9000 volumes: - /opt/appdata/portainer:/data - /var/run/docker.sock:/var/run/docker.sock - /opt/appdata/shared:/shared environment: - TZ=${TZ} networks: - traefik_proxy1 labels: - "traefik.enable=false" - "traefik.backend=portainer" - "traefik.frontend.rule=Host:portainer.${DOMAINNAME}" - "traefik.port=9000" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=internal" restart: always #Indexer, Used by managers to query sites for content jackett: image: linuxserver/jackett:latest container_name: jackett environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} volumes: - /opt/appdata/jackett:/config - /downloads:/downloads ports: - 9117:9117 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=jackett" - "traefik.frontend.rule=Host:jackett.${DOMAINNAME}" # - "traefik.port=9117" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=internal" restart: always #Reverse Proxy, Used to route applications to domain traefik: hostname: traefik image: traefik:v1.7 container_name: traefik restart: always domainname: ${DOMAINNAME} networks: - default - traefik_proxy1 ports: - "80:80" - "443:443" - "8080:8080" labels: - "traefik.enable=true" - "traefik.backend=traefik" - "traefik.frontend.rule=Host:traefik.${DOMAINNAME}" - "traefik.port=80" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "traefik.frontend.auth.basic.users=${HTTP_USERNAME}:${HTTP_PASSWORD}" - "docker.group=internal" volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - /home/dockeruser/traefik:/etc/traefik - /opt/appdata/shared:/shared - /opt/appdata/traefik:/var/log - /opt/appdata/traefik/tmp:/tmp #fail2ban - ban IPs after so many failed attempts fail2ban: hostname: fail2ban image: crazymax/fail2ban:latest container_name: fail2ban network_mode: "host" cap_add: - NET_ADMIN - NET_RAW environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} volumes: - /var/log:/var/log:ro - /opt/appdata/fail2ban/data:/data - /opt/appdata/shared:/shared restart: always #Downloader, pull in content from torrents & hide traffic behind VPN arch-deluge: image: binhex/arch-delugevpn:latest container_name: arch-deluge ports: - 8112:8112 - 8118:8118 - 58846:58846 - 58946:58946 cap_add: - NET_ADMIN networks: - traefik_proxy1 volumes: - /opt/appdata/arch-deluge:/config - /downloads:/downloads - /mnt/storage:/mnt/storage - /opt/appdata/shared:/shared - /opt/appdata/arch-deluge/data:/data environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} - VPN_ENABLED=yes - VPN_USER=${VPN_USER} - VPN_PASS=${VPN_PASS} - VPN_PROV=custom #- VPN_OPTIONS= - STRICT_PORT_FORWARD=yes - ENABLE_PRIVOXY=yes - LAN_NETWORK=192.168.0.100/24 - NAME_SERVERS=103.86.96.100, 103.86.99.100 - DELUGE_DAEMON_LOG_LEVEL=error - DELUGE_WEB_LOG_LEVEL=error - DEBUG=true - UMASK=000 labels: - "traefik.enable=true" - "traefik.backend=arch-deluge" - "traefik.frontend.rule=Host:deluge.${DOMAINNAME}" - "traefik.port=8112" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" privileged: true restart: unless-stopped #updated version of plex requests ombi: image: linuxserver/ombi container_name: ombi environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} - BASE_URL=/ombi #optional volumes: - /opt/appdata/ombi:/config - /opt/appdata/shared:/shared networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=ombi" - "traefik.frontend.rule=Host:requests.${DOMAINNAME}" # - "traefik.port=3579" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" ports: - 3579:3579 restart: unless-stopped #NZBGet - usenet downloader nzbget: image: linuxserver/nzbget:latest container_name: nzbget volumes: - /opt/appdata/nzbget/config:/config - /opt/appdata/nzbget/data:/data - /downloads:/downloads - /opt/appdata/shared:/shared ports: - 27020:6789 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=nzbget" - "traefik.frontend.rule=Host:nzbget.${DOMAINNAME}" # - "traefik.port=6789" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" restart: always environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} #Data Metrics: https://docs.docker.com/samples/library/influxdb/ influxdb: image: influxdb:latest container_name: influxdb restart: always ports: - 8086:8086 - 8083:8083 - 8090:8090/udp volumes: - /opt/appdata/influxdb/lib:/var/lib/influxdb - /opt/appdata/influxdb/:/etc/influxdb/ - /opt/appdata/shared:/shared restart: always environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} #Server Metrics: https://github.com/grafana/grafana/tree/master/packaging/docker grafana: image: grafana/grafana:latest container_name: grafana restart: always user: "104" links: - influxdb ports: - 3001:3000 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=grafana" - "traefik.frontend.rule=Host:grafana.${DOMAINNAME}" # - "traefik.port=3000" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" volumes: - /opt/appdata/grafana/var:/var/lib/grafana - /opt/appdata/grafana:/etc/grafana - /opt/appdata/shared:/shared restart: always environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} - GF_INSTALL_PLUGINS=${GF_INSTALL_PLUGINS} #Server Metrics: feeds to influxdb telegraf: image: telegraf:latest container_name: telegraf links: - influxdb volumes: - /opt/appdata/telegraf:/var/lib/telegraf - /opt/appdata/telegraf/:/etc/telegraf/ - /var/run/docker.sock:/var/run/docker.sock restart: always #tdarr - convert / transcode video files tdarr_aio: image: haveagitgat/tdarr_aio container_name: tdarr_aio ports: - 8265:8265 environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} volumes: - /opt/appdata/tdarr:/home/Tdarr/Documents/Tdarr - /downloads/tdarrDB:/var/lib/mongodb - /mnt/storage:/home/Tdarr/media - /mnt/storage/movies:/home/Tdarr/media/movies - /mnt/storage/tv:/home/Tdarr/media/tv - /downloads/tdarrDB/cache:/home/Tdarr/cache - /etc/localtime:/etc/localtime:ro restart: always lidarr: image: linuxserver/lidarr container_name: lidarr ports: - 8686:8686 environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} volumes: - /opt/appdata/lidarr:/config - /mnt/storage/music:/music - /downloads:/downloads restart: always gitea: image: gitea/gitea:1.13.0 container_name: gitea environment: - USER_UID=${PUID} - USER_GID=${PGID} restart: always networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=gitea" - "traefik.frontend.rule=Host:gitea.${DOMAINNAME}" # - "traefik.port=3000" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" volumes: - /opt/appdata/gitea:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - "3000:3000" - "222:22" #Networks, Needed for Traefik networks: traefik_proxy1: external: true default: driver: bridge