name: mediaelch networks: traefik-net: external: true services: mediaelch: image: lscr.io/linuxserver/mediaelch:latest env_file: .mediaelch.env #user: "${PUID}:${PGID}" group_add: - "${MEDIA_GID}" # not really needed if we have it as the primary gid security_opt: - seccomp:unconfined #optional networks: - traefik-net volumes: - "${DATADIR}/config:/config" - "${MEDIADIR}:${CT_MEDIA}" restart: unless-stopped labels: - traefik.enable=true - traefik.docker.network=traefik-net # http middlewares # --------------------------- #- "traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}" #- "traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.usersfile=/mnt/users/${APPLICATION_NAME}.txt" # # http services # ------------- - "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}" # # http routers # ------------ # limit router to web ":80" entrypoint (Note: web entrypoint http requests are globally redirected to websecure router in traefik.yml) - "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web" # set match criteria for router - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)" # assign middlewares - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file" # assign svc target to router - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc" # # limit router to websecure ":443" entrypoint - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure" # set match criteria for router - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)" # set router to be dedicated to secure requests only for the host specified in match criteria - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true" # apply tls options - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options@file" # generate certificates using following certresolver - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns" # attach middlewares to routers #- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=${APPLICATION_NAME}-auth" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file" # assign svc target to router - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"