---
# gluetun-bw: a gluetun VPN container plus the browser-type apps that run behind it.
#
# Apps in OTHER compose projects can reuse this VPN namespace with
#   network_mode: "container:gluetun-bw"
# NOTE(review): no container_name is set in this file, so unless another
# compose file adds one, Compose derives the container name from the project
# and service names; "gluetun-bw" here is only the project name and hostname.
# Confirm the name that dependent projects actually reference.
#
# Ordering:
#   - start gluetun-bw before any dependent app in another project
#   - stop and deactivate those dependent apps before stopping gluetun-bw
#
# The 10.255.239.0/24 block of the traefik subnet is reserved for containers
# that must reach the bw apps. See .static-ips.yml for static addresses.

name: gluetun-bw

networks:
  traefik-net:
    external: true

secrets:
  # File-based secret; Compose mounts it read-only inside the consuming
  # container under /run/secrets/. Keep the source file out of version control
  # and readable only by the deploying user.
  wireguard_private_key:
    file: "${SECRETSDIR}/wireguard_private_key"

services:
  firefox:
    # Floating tag: the image content can change between pulls. Pin a version
    # tag or digest you have verified if reproducible deployments matter.
    image: "lscr.io/linuxserver/firefox:latest"
    env_file: ".${FIREFOX_APP}.env"
    # Shares gluetun's network namespace, so this container has no network
    # attachment of its own.
    network_mode: "service:gluetun"
    # optional - turns off Docker's default seccomp syscall filter for this
    # container. A browser handles untrusted web content, so drop this entry
    # if Firefox runs correctly on this host without it.
    security_opt:
      - "seccomp:unconfined"
    shm_size: "1gb"
    volumes:
      - "${DATAROOT}/${FIREFOX_APP}/config:/config"
      # - "${DATAROOT}/${FIREFOX_APP}/themes:/mnt/themes"
      - "${DOWNLOADSDIR}/firefox:${CT_DOWNLOADS}"
    restart: unless-stopped
    # Wait until the VPN container reports healthy before starting.
    depends_on:
      gluetun:
        condition: service_healthy

  jdownloader2:
    # No tag given, so this resolves to the floating "latest" tag; pin a
    # verified version tag or digest for reproducible deployments.
    image: "jlesage/jdownloader-2"
    env_file: ".${JDOWNLOADER2_APP}.env"
    # Shares gluetun's network namespace, same as firefox.
    network_mode: "service:gluetun"
    volumes:
      - "${DATAROOT}/${JDOWNLOADER2_APP}/config:/config"
      - "${DOWNLOADSDIR}/${JDOWNLOADER2_APP}:/output"
    restart: unless-stopped
    # Wait until the VPN container reports healthy before starting.
    depends_on:
      gluetun:
        condition: service_healthy

  gluetun:
    # Floating tag; pin a verified version tag or digest if possible.
    image: "qmcgaw/gluetun:latest"
    hostname: gluetun-bw
    env_file: ".gluetun.env"
    # NET_ADMIN and the tun device are granted to this container only; the app
    # containers above receive no added capabilities.
    cap_add:
      - NET_ADMIN
    devices:
      - "/dev/net/tun"
    volumes:
      # NOTE(review): the app services use DATAROOT while this one uses
      # DATADIR. Confirm DATADIR is defined; an unset variable interpolates to
      # an empty string and would change the host path of this mount.
      - "${DATADIR}/appdata:/gluetun"
    secrets:
      - wireguard_private_key
    networks:
      traefik-net:
        # Static address used by other containers to reach the services in
        # this project; hostnames and aliases will not work.
        ipv4_address: "10.255.239.2"
    restart: always
    # The labels for both apps are declared here because firefox and
    # jdownloader2 run inside this container's network namespace.
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-net"

      ##########################################################################
      # FIREFOX_APP
      ##########################################################################
      # -- middlewares (basic auth, currently disabled) --
      #- "traefik.http.middlewares.${FIREFOX_APP}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}"
      #- "traefik.http.middlewares.${FIREFOX_APP}-auth.basicauth.usersfile=/mnt/users/${FIREFOX_APP}.txt"
      #
      # -- service: port Traefik forwards to --
      - "traefik.http.services.${FIREFOX_APP}-gt-svc.loadbalancer.server.port=${FIREFOX_PORT}"
      #
      # -- router on the web ":80" entrypoint --
      # (web entrypoint http requests are globally redirected to the websecure
      # router in traefik.yml)
      - "traefik.http.routers.${FIREFOX_APP}-rtr.entrypoints=web"
      # match criteria
      - "traefik.http.routers.${FIREFOX_APP}-rtr.rule=Host(`${FIREFOX_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)"
      # middleware chain
      - "traefik.http.routers.${FIREFOX_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file"
      # target service
      - "traefik.http.routers.${FIREFOX_APP}-rtr.service=${FIREFOX_APP}-gt-svc"
      #
      # -- router on the websecure ":443" entrypoint --
      - "traefik.http.routers.${FIREFOX_APP}-secure-rtr.entrypoints=websecure"
      # match criteria
      - "traefik.http.routers.${FIREFOX_APP}-secure-rtr.rule=Host(`${FIREFOX_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)"
      # dedicate this router to TLS requests for the matched host
      - "traefik.http.routers.${FIREFOX_APP}-secure-rtr.tls=true"
      # TLS options come from the file provider
      - "traefik.http.routers.${FIREFOX_APP}-secure-rtr.tls.options=tls-options@file"
      # certificates are issued through this certresolver
      - "traefik.http.routers.${FIREFOX_APP}-secure-rtr.tls.certresolver=solver-dns"
      # middleware chain
      # NOTE(review): the -auth middleware is commented out and the chain below
      # is defined in the file provider, which is not visible here. Confirm
      # that access to the browser UI is authenticated somewhere (in that
      # chain, or by the app itself via its env file).
      #- "traefik.http.routers.${FIREFOX_APP}-secure-rtr.middlewares=${FIREFOX_APP}-auth"
      - "traefik.http.routers.${FIREFOX_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
      # target service
      - "traefik.http.routers.${FIREFOX_APP}-secure-rtr.service=${FIREFOX_APP}-gt-svc"

      ##########################################################################
      # JDOWNLOADER2_APP
      ##########################################################################
      # Same layout as the FIREFOX_APP section: disabled basic-auth
      # middlewares, the service port, a web router and a websecure router.
      #- "traefik.http.middlewares.${JDOWNLOADER2_APP}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}"
      #- "traefik.http.middlewares.${JDOWNLOADER2_APP}-auth.basicauth.usersfile=/mnt/users/${JDOWNLOADER2_APP}.txt"
      - "traefik.http.services.${JDOWNLOADER2_APP}-gt-svc.loadbalancer.server.port=${JDOWNLOADER2_PORT}"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-rtr.entrypoints=web"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-rtr.rule=Host(`${JDOWNLOADER2_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-rtr.service=${JDOWNLOADER2_APP}-gt-svc"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.entrypoints=websecure"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.rule=Host(`${JDOWNLOADER2_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.tls=true"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.tls.options=tls-options@file"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.tls.certresolver=solver-dns"
      # NOTE(review): as with firefox, the -auth middleware is disabled;
      # confirm the download manager UI is authenticated elsewhere.
      #- "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.middlewares=${JDOWNLOADER2_APP}-auth"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
      - "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.service=${JDOWNLOADER2_APP}-gt-svc"