# gluetun for arr apps # to use gluetun from apps in other projects, use network_mode: "container:gluetun-arr" # access apps in this project with 127.0.0.1:PORT, e.g. to access qbittorrent use localhost:10095 # NB: Start gluetun-arr first, before starting depending apps in other projects # Stop & inactivate depending apps in other projects first, before stopping this gluetun-arr # we will use 10.255.239.0/24 block of the traefik subnet for containers that have to connect to arr apps # See .static-ips.yml for static ip addresses name: gluetun-arr networks: traefik-net: external: true secrets: wireguard_private_key: file: ${SECRETSDIR}/wireguard_private_key services: # qbittorrent: # image: lscr.io/linuxserver/qbittorrent:latest # env_file: .${QBIT_APP}.env # network_mode: "service:gluetun" # volumes: # - "${DATAROOT}/${QBIT_APP}/config:/config" # - "${DOWNLOADSDIR}:${CT_DOWNLOADS}" # - "${RECYCLINGDIR}/${QBIT_APP}:${CT_RECYCLINGBIN}:rw" # restart: unless-stopped # depends_on: # gluetun: # condition: service_healthy # # flaresolverr: # # DockerHub mirror flaresolverr/flaresolverr:latest # image: ghcr.io/flaresolverr/flaresolverr:latest ## container_name: flaresolverr # env_file: .${FLARESOLVERR_APP}.env # network_mode: "service:gluetun" # restart: unless-stopped prowlarr: image: lscr.io/linuxserver/prowlarr:latest env_file: .${PROWLARR_APP}.env network_mode: "service:gluetun" volumes: - "${DATAROOT}/${PROWLARR_APP}/config:/config" - "${DOWNLOADSDIR}:${CT_DOWNLOADS}" - "${MEDIADIR}:${CT_MEDIA}" - "${RECYCLINGDIR}/${PROWLARR_APP}:${CT_RECYCLINGBIN}:rw" restart: unless-stopped # depends_on: # qbittorrent: # condition: service_started radarr: image: lscr.io/linuxserver/radarr:latest env_file: .${RADARR_APP}.env network_mode: "service:gluetun" volumes: - "${DATAROOT}/${RADARR_APP}/config:/config" - "${DOWNLOADSDIR}:${CT_DOWNLOADS}" - "${MEDIADIR}:${CT_MEDIA}" - "${RECYCLINGDIR}/${RADARR_APP}:${CT_RECYCLINGBIN}:rw" restart: unless-stopped depends_on: prowlarr: condition: service_started lidarr: image: lscr.io/linuxserver/lidarr:latest env_file: .${LIDARR_APP}.env network_mode: "service:gluetun" volumes: - "${DATAROOT}/${LIDARR_APP}/config:/config" - "${DOWNLOADSDIR}:${CT_DOWNLOADS}" - "${MEDIADIR}:${CT_MEDIA}" - "${RECYCLINGDIR}/${LIDARR_APP}:${CT_RECYCLINGBIN}:rw" restart: unless-stopped depends_on: prowlarr: condition: service_started sonarr: image: lscr.io/linuxserver/sonarr:latest env_file: .${SONARR_APP}.env network_mode: "service:gluetun" volumes: - "${DATAROOT}/${SONARR_APP}/config:/config" - "${DOWNLOADSDIR}:${CT_DOWNLOADS}" - "${MEDIADIR}:${CT_MEDIA}" - "${RECYCLINGDIR}/${SONARR_APP}:${CT_RECYCLINGBIN}:rw" restart: unless-stopped depends_on: prowlarr: condition: service_started readarr: image: lscr.io/linuxserver/readarr:develop env_file: .${READARR_APP}.env network_mode: "service:gluetun" volumes: - "${DATAROOT}/${READARR_APP}/config:/config" - "${DOWNLOADSDIR}:${CT_DOWNLOADS}" - "${MEDIADIR}:${CT_MEDIA}" - "${RECYCLINGDIR}/${READARR_APP}:${CT_RECYCLINGBIN}:rw" restart: unless-stopped depends_on: prowlarr: condition: service_started gluetun: image: qmcgaw/gluetun:latest hostname: gluetun-arr # overseerr "Settings->Services->radarr/sonarr->Edit->Hostname or IP Address" should be set to this value env_file: .gluetun.env cap_add: - NET_ADMIN devices: - /dev/net/tun volumes: - "${DATADIR}/appdata:/gluetun" secrets: - wireguard_private_key networks: traefik-net: ipv4_address: 10.255.239.1 # to access services in this project from other containers; hostnames and aliases will not work restart: always labels: - traefik.enable=true - traefik.docker.network=traefik-net ################################################################################## ################################# QBIT_APP ################################## # # http services # ------------- - "traefik.http.services.${QBIT_APP}-gt-svc.loadbalancer.server.port=${QBIT_PORT}" # # http routers # ------------ # # limit router to web ":80" entrypoint (Note: web entrypoint http requests are globally redirected to websecure router in traefik.yml) # - "traefik.http.routers.${QBIT_APP}-rtr.entrypoints=web" # # set match criteria for router # - "traefik.http.routers.${QBIT_APP}-rtr.rule=Host(`${QBIT_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" # # attach middlewares to router # - "traefik.http.routers.${QBIT_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file" # # assign svc target to router # - "traefik.http.routers.${QBIT_APP}-rtr.service=${QBIT_APP}-gt-svc" # # # # limit router to websecure ":443" entrypoint # - "traefik.http.routers.${QBIT_APP}-secure-rtr.entrypoints=websecure" # # set match criteria for router # - "traefik.http.routers.${QBIT_APP}-secure-rtr.rule=Host(`${QBIT_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" # # set router to be dedicated to secure requests only for the host specified in match criteria # - "traefik.http.routers.${QBIT_APP}-secure-rtr.tls=true" # # apply tls options # - "traefik.http.routers.${QBIT_APP}-secure-rtr.tls.options=tls-options@file" # # generate certificates using following certresolver # - "traefik.http.routers.${QBIT_APP}-secure-rtr.tls.certresolver=solver-dns" # # attach middlewares to routers # #- "traefik.http.routers.${QBIT_APP}-secure-rtr.middlewares=${QBIT_APP}-auth" # - "traefik.http.routers.${QBIT_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file" # # assign svc target to router # - "traefik.http.routers.${QBIT_APP}-secure-rtr.service=${QBIT_APP}-gt-svc" ################################################################################## ################################# PROWLARR_APP ################################## #- "traefik.http.middlewares.${PROWLARR_APP}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}" #- "traefik.http.middlewares.${PROWLARR_APP}-auth.basicauth.usersfile=/mnt/users/${PROWLARR_APP}.txt" - "traefik.http.services.${PROWLARR_APP}-gt-svc.loadbalancer.server.port=${PROWLARR_PORT}" - "traefik.http.routers.${PROWLARR_APP}-rtr.entrypoints=web" - "traefik.http.routers.${PROWLARR_APP}-rtr.rule=Host(`${PROWLARR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${PROWLARR_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file" - "traefik.http.routers.${PROWLARR_APP}-rtr.service=${PROWLARR_APP}-gt-svc" - "traefik.http.routers.${PROWLARR_APP}-secure-rtr.entrypoints=websecure" - "traefik.http.routers.${PROWLARR_APP}-secure-rtr.rule=Host(`${PROWLARR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${PROWLARR_APP}-secure-rtr.tls=true" - "traefik.http.routers.${PROWLARR_APP}-secure-rtr.tls.options=tls-options@file" - "traefik.http.routers.${PROWLARR_APP}-secure-rtr.tls.certresolver=solver-dns" #- "traefik.http.routers.${PROWLARR_APP}-secure-rtr.middlewares=${PROWLARR_APP}-auth" - "traefik.http.routers.${PROWLARR_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file" - "traefik.http.routers.${PROWLARR_APP}-secure-rtr.service=${PROWLARR_APP}-gt-svc" ################################################################################## ################################# RADARR_APP ################################## #- "traefik.http.middlewares.${RADARR_APP}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}" #- "traefik.http.middlewares.${RADARR_APP}-auth.basicauth.usersfile=/mnt/users/${RADARR_APP}.txt" - "traefik.http.services.${RADARR_APP}-gt-svc.loadbalancer.server.port=${RADARR_PORT}" - "traefik.http.routers.${RADARR_APP}-rtr.entrypoints=web" - "traefik.http.routers.${RADARR_APP}-rtr.rule=Host(`${RADARR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${RADARR_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file" - "traefik.http.routers.${RADARR_APP}-rtr.service=${RADARR_APP}-gt-svc" - "traefik.http.routers.${RADARR_APP}-secure-rtr.entrypoints=websecure" - "traefik.http.routers.${RADARR_APP}-secure-rtr.rule=Host(`${RADARR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${RADARR_APP}-secure-rtr.tls=true" - "traefik.http.routers.${RADARR_APP}-secure-rtr.tls.options=tls-options@file" - "traefik.http.routers.${RADARR_APP}-secure-rtr.tls.certresolver=solver-dns" #- "traefik.http.routers.${RADARR_APP}-secure-rtr.middlewares=${RADARR_APP}-auth" - "traefik.http.routers.${RADARR_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file" - "traefik.http.routers.${RADARR_APP}-secure-rtr.service=${RADARR_APP}-gt-svc" ################################################################################## ################################# LIDARR_APP ################################## #- "traefik.http.middlewares.${LIDARR_APP}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}" #- "traefik.http.middlewares.${LIDARR_APP}-auth.basicauth.usersfile=/mnt/users/${LIDARR_APP}.txt" - "traefik.http.services.${LIDARR_APP}-gt-svc.loadbalancer.server.port=${LIDARR_PORT}" - "traefik.http.routers.${LIDARR_APP}-rtr.entrypoints=web" - "traefik.http.routers.${LIDARR_APP}-rtr.rule=Host(`${LIDARR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${LIDARR_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file" - "traefik.http.routers.${LIDARR_APP}-rtr.service=${LIDARR_APP}-gt-svc" - "traefik.http.routers.${LIDARR_APP}-secure-rtr.entrypoints=websecure" - "traefik.http.routers.${LIDARR_APP}-secure-rtr.rule=Host(`${LIDARR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${LIDARR_APP}-secure-rtr.tls=true" - "traefik.http.routers.${LIDARR_APP}-secure-rtr.tls.options=tls-options@file" - "traefik.http.routers.${LIDARR_APP}-secure-rtr.tls.certresolver=solver-dns" #- "traefik.http.routers.${LIDARR_APP}-secure-rtr.middlewares=${LIDARR_APP}-auth" - "traefik.http.routers.${LIDARR_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file" - "traefik.http.routers.${LIDARR_APP}-secure-rtr.service=${LIDARR_APP}-gt-svc" ################################################################################## ################################# SONARR_APP ################################## #- "traefik.http.middlewares.${SONARR_APP}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}" #- "traefik.http.middlewares.${SONARR_APP}-auth.basicauth.usersfile=/mnt/users/${SONARR_APP}.txt" - "traefik.http.services.${SONARR_APP}-gt-svc.loadbalancer.server.port=${SONARR_PORT}" - "traefik.http.routers.${SONARR_APP}-rtr.entrypoints=web" - "traefik.http.routers.${SONARR_APP}-rtr.rule=Host(`${SONARR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${SONARR_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file" - "traefik.http.routers.${SONARR_APP}-rtr.service=${SONARR_APP}-gt-svc" - "traefik.http.routers.${SONARR_APP}-secure-rtr.entrypoints=websecure" - "traefik.http.routers.${SONARR_APP}-secure-rtr.rule=Host(`${SONARR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${SONARR_APP}-secure-rtr.tls=true" - "traefik.http.routers.${SONARR_APP}-secure-rtr.tls.options=tls-options@file" - "traefik.http.routers.${SONARR_APP}-secure-rtr.tls.certresolver=solver-dns" #- "traefik.http.routers.${SONARR_APP}-secure-rtr.middlewares=${SONARR_APP}-auth" - "traefik.http.routers.${SONARR_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file" - "traefik.http.routers.${SONARR_APP}-secure-rtr.service=${SONARR_APP}-gt-svc" ################################################################################## ################################# READARR_APP ################################## #- "traefik.http.middlewares.${READARR_APP}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}" #- "traefik.http.middlewares.${READARR_APP}-auth.basicauth.usersfile=/mnt/users/${READARR_APP}.txt" - "traefik.http.services.${READARR_APP}-gt-svc.loadbalancer.server.port=${READARR_PORT}" - "traefik.http.routers.${READARR_APP}-rtr.entrypoints=web" - "traefik.http.routers.${READARR_APP}-rtr.rule=Host(`${READARR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${READARR_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file" - "traefik.http.routers.${READARR_APP}-rtr.service=${READARR_APP}-gt-svc" - "traefik.http.routers.${READARR_APP}-secure-rtr.entrypoints=websecure" - "traefik.http.routers.${READARR_APP}-secure-rtr.rule=Host(`${READARR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${READARR_APP}-secure-rtr.tls=true" - "traefik.http.routers.${READARR_APP}-secure-rtr.tls.options=tls-options@file" - "traefik.http.routers.${READARR_APP}-secure-rtr.tls.certresolver=solver-dns" #- "traefik.http.routers.${READARR_APP}-secure-rtr.middlewares=${READARR_APP}-auth" - "traefik.http.routers.${READARR_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file" - "traefik.http.routers.${READARR_APP}-secure-rtr.service=${READARR_APP}-gt-svc" ################################################################################## ################################# FLARESOLVERR_APP ################################## # - "traefik.http.services.${FLARESOLVERR_APP}-gt-svc.loadbalancer.server.port=${FLARESOLVERR_PORT}" # - "traefik.http.routers.${FLARESOLVERR_APP}-rtr.entrypoints=web" # - "traefik.http.routers.${FLARESOLVERR_APP}-rtr.rule=Host(`${FLARESOLVERR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" # - "traefik.http.routers.${FLARESOLVERR_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file" # - "traefik.http.routers.${FLARESOLVERR_APP}-rtr.service=${FLARESOLVERR_APP}-gt-svc" # - "traefik.http.routers.${FLARESOLVERR_APP}-secure-rtr.entrypoints=websecure" # - "traefik.http.routers.${FLARESOLVERR_APP}-secure-rtr.rule=Host(`${FLARESOLVERR_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)" # - "traefik.http.routers.${FLARESOLVERR_APP}-secure-rtr.tls=true" # - "traefik.http.routers.${FLARESOLVERR_APP}-secure-rtr.tls.options=tls-options@file" # - "traefik.http.routers.${FLARESOLVERR_APP}-secure-rtr.tls.certresolver=solver-dns" # #- "traefik.http.routers.${FLARESOLVERR_APP}-secure-rtr.middlewares=${FLARESOLVERR_APP}-auth" # - "traefik.http.routers.${FLARESOLVERR_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file" # - "traefik.http.routers.${FLARESOLVERR_APP}-secure-rtr.service=${FLARESOLVERR_APP}-gt-svc" # ##################################################################################