updated frigate, mosquitto and traefik

Chris Stuurman 2025-12-09 17:57:34 +02:00
parent 3f05874d73
commit 3084ac7541
6 changed files with 77 additions and 85 deletions


@ -47,6 +47,11 @@ services:
- traefik.enable=true - traefik.enable=true
- traefik.docker.network=traefik-net - traefik.docker.network=traefik-net
- traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${INTERNAL_PORT} - traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${INTERNAL_PORT}
# to ensure connection from traefik to frigate backend is secure, set scheme to https
#- traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.scheme=https
- traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.usersfile=/mnt/users/${APPLICATION_NAME}.txt"
- traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-auth"
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=${APPLICATION_NAME}-auth"
- traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web - traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web
- traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) - traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)
- traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-secureHeaders-redirect@file - traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-secureHeaders-redirect@file
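Review bot: The three added basic-auth labels end in a stray `"` with no opening quote, so YAML keeps that character in the value: the users file path becomes `/mnt/users/${APPLICATION_NAME}.txt"` and both routers reference a middleware named `${APPLICATION_NAME}-auth"`, which is not the one being defined. The `-rtr.middlewares` key is also set again by the existing `http-mw-secureHeaders-redirect@file` label just below, so at most one of the two values can survive for that router, and the same may apply to `-secure-rtr` further down, outside this hunk. The likely outcome is that the Frigate UI is served without the intended authentication, or that Traefik rejects the router. I would drop the trailing quotes and attach auth to the HTTPS router only, in one comma-separated label such as `- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=<existing-secure-middleware>,${APPLICATION_NAME}-auth`, leaving the plain-HTTP router to redirect so credentials are never sent in clear. The labels list continues outside the hunk.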


@ -1,8 +1,6 @@
APPLICATION_NAME=mosquitto APPLICATION_NAME=mosquitto
DOCKERDIR=/opt DOCKERDIR=/opt
#MEDIADIR=/mnt/stpool1/NData1/Media
#DOWNLOADSDIR=/mnt/stpool1/Downloads
STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME} STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME}
DATAROOT=${DOCKERDIR}/data DATAROOT=${DOCKERDIR}/data


@ -21,34 +21,34 @@ services:
# ports 1883, 8883 and 9001 # ports 1883, 8883 and 9001
# 9001 not implemented # 9001 not implemented
# labels: labels:
# - traefik.enable=true - traefik.enable=true
# - traefik.docker.network=traefik-net - traefik.docker.network=traefik-net
# #
# tcp services # tcp services
# ------------- # -------------
# - traefik.tcp.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${SERVICE_PORT} - traefik.tcp.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${SERVICE_PORT}
#- "traefik.tcp.services.${APPLICATION_NAME}-secure-svc.loadbalancer.server.port=${SECURE_SERVICE_PORT}" #- "traefik.tcp.services.${APPLICATION_NAME}-secure-svc.loadbalancer.server.port=${SECURE_SERVICE_PORT}"
# #
# tcp routers # tcp routers
# ------------ # ------------
# limit router to mqtt ":1883" entrypoint # limit router to mqtt ":1883" entrypoint
# - traefik.tcp.routers.${APPLICATION_NAME}-rtr.entrypoints=mqtt - traefik.tcp.routers.${APPLICATION_NAME}-rtr.entrypoints=mqtt
# set match criteria for router # set match criteria for router
# - traefik.tcp.routers.${APPLICATION_NAME}-rtr.rule=HostSNI(`*`) - traefik.tcp.routers.${APPLICATION_NAME}-rtr.rule=HostSNI(`*`)
# assign svc target to routers # assign svc target to routers
# - traefik.tcp.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc - traefik.tcp.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc
# #
# limit router to mqttsecure ":8883" entrypoint # limit router to mqttsecure ":8883" entrypoint
# - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=mqttsecure - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=mqttsecure
# set match criteria for router # set match criteria for router
# - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.rule=HostSNI(`${APPLICATION_NAME}.${DOMAINNAME}`) || HostSNI(`mqtt.${DOMAINNAME}`) - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.rule=HostSNI(`${APPLICATION_NAME}.${DOMAINNAME}`) || HostSNI(`mqtt-px.${DOMAINNAME}`)
# set router to be dedicated to secure requests only for the host specified in match criteria # set router to be dedicated to secure requests only for the host specified in match criteria
# - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls=true - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls=true
# passthrough tls # passthrough tls
# - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls.passthrough=true - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls.passthrough=true
# generate certificates using following certresolver # generate certificates using following certresolver
# - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns
# assign svc target to routers # assign svc target to routers
#- "traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-secure-svc" #- "traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-secure-svc"
# - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc # use same svc as non-secure router to avoid issues with certificates on mosquitto - traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc # use same svc as non-secure router to avoid issues with certificates on mosquitto
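Review bot: On the newly enabled `-secure-rtr`, `tls.passthrough=true` contradicts the two labels that follow it: with passthrough Traefik forwards the encrypted stream untouched, so `tls.certresolver=solver-dns` is never used and the TLS bytes are handed to `${APPLICATION_NAME}-svc`, the same backend port the plaintext router targets. The trailing comment on the service label says the aim is to avoid certificates on mosquitto, which implies Traefik should terminate TLS; for that, remove the passthrough label or set `- traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls.passthrough=false`. Separately, the `mqtt` router uses a catch-all HostSNI rule on the unencrypted entrypoint, so broker credentials cross port 1883 in clear; whether that is acceptable depends on the mosquitto listener and authentication settings, which are not shown here.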


@ -20,4 +20,3 @@ PGID=3011
TZ=Africa/Johannesburg TZ=Africa/Johannesburg
PING_PORT=8083 PING_PORT=8083
WEBAPP_PING=traefik-ping


@ -40,70 +40,56 @@ services:
command: command:
- --configFile=/config/traefik.yml - --configFile=/config/traefik.yml
ports: ports:
- name: "web" - name: web
target: 80 # container port target: 80
host_ip: 0.0.0.0 # host IP; 0.0.0.0 binds to all network interfaces host_ip: 0.0.0.0
published: "80" # publicly exposed port, defined as a string published: "80"
protocol: tcp # port protocol protocol: tcp
app_protocol: http # application protocol (TCP/IP level 4 / OSI level 7) this port is used for app_protocol: http
mode: host # how port is published in swarm setup mode: host
- name: websecure
- name: "websecure"
target: 443 target: 443
host_ip: 0.0.0.0 host_ip: 0.0.0.0
published: "443" published: "443"
protocol: tcp protocol: tcp
app_protocol: http app_protocol: http
mode: host mode: host
- name: mqtt
# - name: "traefik" # dashboard port - use when not using labels below / reverse proxy for traefik itself target: 1883
# target: 8080 published: "1883"
# host_ip: 0.0.0.0 protocol: tcp
# published: "8080" app_protocol: mqtt
# protocol: tcp mode: host
# app_protocol: http - name: mqttsecure
# mode: host target: 8883
published: "8883"
# - target: 51820 protocol: tcp
# published: "51820" app_protocol: mqtt
# protocol: udp mode: host
# mode: host # - target: 19132
# - target: 32400 # published: "19132"
# published: "32400" # protocol: udp
# protocol: tcp # mode: host
# mode: host # - target: 25565
# - target: 1883 # published: "25565"
# published: "1883" # protocol: udp
# protocol: tcp # mode: host
# mode: host # - target: 25575
# - target: 8883 # published: "25575"
# published: "8883" # protocol: tcp
# protocol: tcp # mode: host
# mode: host # - target: 8083
# - target: 19132 # published: "8083"
# published: "19132" # protocol: tcp
# protocol: udp # mode: host
# mode: host # - target: 8306
# - target: 25565 # published: "8306"
# published: "25565" # protocol: tcp
# protocol: udp # mode: host
# mode: host # - target: 9306
# - target: 25575 # published: "9306"
# published: "25575" # protocol: tcp
# protocol: tcp # mode: host
# mode: host
# - target: 8083
# published: "8083"
# protocol: tcp
# mode: host
# - target: 8306
# published: "8306"
# protocol: tcp
# mode: host
# - target: 9306
# published: "9306"
# protocol: tcp
# mode: host
secrets: secrets:
- cf_dns_api_token - cf_dns_api_token
volumes: volumes:
@ -117,17 +103,22 @@ services:
# #
# http routers # http routers
# ------------ # ------------
# http://traefik-px.sthome.org/ping # http://traefik-px-ping.sthome.org/ping
- traefik.http.routers.${APPLICATION_NAME}-ping-rtr.entrypoints=web - traefik.http.routers.${APPLICATION_NAME}-ping-rtr.entrypoints=web
- traefik.http.routers.${APPLICATION_NAME}-ping-rtr.rule=Host(`${WEBAPP_PING}.${DOMAINNAME}`)&& PathPrefix(`/`) - traefik.http.routers.${APPLICATION_NAME}-ping-rtr.rule=Host(`${WEBAPP_NAME}-ping.${DOMAINNAME}`)&&
PathPrefix(`/`)
# http://traefik-px.sthome.org/
- traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web - traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web
- traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) - traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&&
PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&&
PathPrefix(`/`)
# https://appname.domainname/ # https://appname.domainname/
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&&
PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&&
PathPrefix(`/`)
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true
# - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options.yml@file # - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options.yml@file
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns
#- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.domains[0].main=${DOMAINNAME}" #- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.domains[0].main=${DOMAINNAME}"
#- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.domains[0].sans=*.${DOMAINNAME}" #- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.domains[0].sans=*.${DOMAINNAME}"
@ -144,7 +135,6 @@ services:
# http services # http services
# ------------- # -------------
- traefik.http.services.${APPLICATION_NAME}-ping-svc.loadbalancer.server.port=${PING_PORT} - traefik.http.services.${APPLICATION_NAME}-ping-svc.loadbalancer.server.port=${PING_PORT}
# assign services to routers # assign services to routers
- traefik.http.routers.${APPLICATION_NAME}-ping-rtr.service=${APPLICATION_NAME}-ping-svc - traefik.http.routers.${APPLICATION_NAME}-ping-rtr.service=${APPLICATION_NAME}-ping-svc
- traefik.http.routers.${APPLICATION_NAME}-rtr.service=api@internal - traefik.http.routers.${APPLICATION_NAME}-rtr.service=api@internal
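Review bot: The new `mqtt` and `mqttsecure` entries in the first hunk's `ports:` list publish 1883 and 8883 in host mode without a `host_ip`, so unencrypted MQTT becomes reachable on every interface of the host. If only local devices need the plaintext listener, pin it with `host_ip: <LAN_INTERFACE_ADDRESS>` on the `mqtt` entry, or publish only `mqttsecure`. The same hunk also drops the per-field comments from the `web` entry; a one-line comment above each published port saying who is expected to reach it would make later exposure reviews easier. In the second hunk the router rules are now wrapped over several lines, which folds back into one value only if the continuation lines are indented deeper than the `-`; the indentation is not visible on this page, so that is worth confirming with `docker compose config`.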


@ -71,11 +71,11 @@ entryPoints:
ping: ping:
address: ":8083" address: ":8083"
# mqtt: mqtt:
# address: ":1883" address: ":1883"
# mqttsecure: mqttsecure:
# address: ":8883" address: ":8883"
ping: ping:
entryPoint: "ping" entryPoint: "ping"