TrueNAS/docker-apps
TrueNAS/docker-apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4505de274c
docker-apps/gluetun-bw/stacks/compose.yml
Chris d067d5f1f7 first commit
2025-04-03 22:57:52 +02:00

124 lines
5.9 KiB
YAML
Raw Blame History

# gluetun for browser apps
# to use gluetun from apps in other projects, use network_mode: "container:gluetun-bw"
# NB: Start gluetun-bw first, before starting depending apps in other projects
# Stop & inactivate depending apps in other projects first, before stopping this gluetun-bw
# we will use 10.255.239.0/24 block of the traefik subnet for containers that have to connect to bw apps
# See .static-ips.yml for static ip addresses if needed
name: gluetun-bw
networks:
traefik-net:
external: true
secrets:
wireguard_private_key:
file: ${SECRETSDIR}/wireguard_private_key
services:
firefox:
image: lscr.io/linuxserver/firefox:latest
env_file: .${FIREFOX_APP}.env
network_mode: "service:gluetun"
security_opt:
- seccomp:unconfined #optional
shm_size: "1gb"
volumes:
- "${DATAROOT}/${FIREFOX_APP}/config:/config"
# - "${DATAROOT}/${FIREFOX_APP}/themes:/mnt/themes"
- "${DOWNLOADSDIR}/firefox:${CT_DOWNLOADS}"
restart: unless-stopped
depends_on:
gluetun:
condition: service_healthy
jdownloader2:
image: jlesage/jdownloader-2
env_file: .${JDOWNLOADER2_APP}.env
network_mode: "service:gluetun"
volumes:
- "${DATAROOT}/${JDOWNLOADER2_APP}/config:/config"
- "${DOWNLOADSDIR}/${JDOWNLOADER2_APP}:/output"
restart: unless-stopped
depends_on:
gluetun:
condition: service_healthy
gluetun:
image: qmcgaw/gluetun:latest
hostname: gluetun-bw
env_file: .gluetun.env
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
volumes:
- "${DATADIR}/appdata:/gluetun"
secrets:
- wireguard_private_key
networks:
traefik-net:
ipv4_address: 10.255.239.2 # to access services in this project from other containers; hostnames and aliases will not work
restart: always
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net
##################################################################################
################################# FIREFOX_APP ##################################
# http middlewares
# ---------------------------
#- "traefik.http.middlewares.${FIREFOX_APP}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}"
#- "traefik.http.middlewares.${FIREFOX_APP}-auth.basicauth.usersfile=/mnt/users/${FIREFOX_APP}.txt"
#
# http services
# -------------
- "traefik.http.services.${FIREFOX_APP}-gt-svc.loadbalancer.server.port=${FIREFOX_PORT}"
#
# http routers
# ------------
# limit router to web ":80" entrypoint (Note: web entrypoint http requests are globally redirected to websecure router in traefik.yml)
- "traefik.http.routers.${FIREFOX_APP}-rtr.entrypoints=web"
# set match criteria for router
- "traefik.http.routers.${FIREFOX_APP}-rtr.rule=Host(`${FIREFOX_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# attach middlewares to router
- "traefik.http.routers.${FIREFOX_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file"
# assign svc target to router
- "traefik.http.routers.${FIREFOX_APP}-rtr.service=${FIREFOX_APP}-gt-svc"
#
# limit router to websecure ":443" entrypoint
- "traefik.http.routers.${FIREFOX_APP}-secure-rtr.entrypoints=websecure"
# set match criteria for router
- "traefik.http.routers.${FIREFOX_APP}-secure-rtr.rule=Host(`${FIREFOX_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# set router to be dedicated to secure requests only for the host specified in match criteria
- "traefik.http.routers.${FIREFOX_APP}-secure-rtr.tls=true"
# apply tls options
- "traefik.http.routers.${FIREFOX_APP}-secure-rtr.tls.options=tls-options@file"
# generate certificates using following certresolver
- "traefik.http.routers.${FIREFOX_APP}-secure-rtr.tls.certresolver=solver-dns"
# attach middlewares to routers
#- "traefik.http.routers.${FIREFOX_APP}-secure-rtr.middlewares=${FIREFOX_APP}-auth"
- "traefik.http.routers.${FIREFOX_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
# assign svc target to router
- "traefik.http.routers.${FIREFOX_APP}-secure-rtr.service=${FIREFOX_APP}-gt-svc"
##################################################################################
################################# JDOWNLOADER2_APP ##################################
#- "traefik.http.middlewares.${JDOWNLOADER2_APP}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}"
#- "traefik.http.middlewares.${JDOWNLOADER2_APP}-auth.basicauth.usersfile=/mnt/users/${JDOWNLOADER2_APP}.txt"
- "traefik.http.services.${JDOWNLOADER2_APP}-gt-svc.loadbalancer.server.port=${JDOWNLOADER2_PORT}"
- "traefik.http.routers.${JDOWNLOADER2_APP}-rtr.entrypoints=web"
- "traefik.http.routers.${JDOWNLOADER2_APP}-rtr.rule=Host(`${JDOWNLOADER2_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)"
- "traefik.http.routers.${JDOWNLOADER2_APP}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file"
- "traefik.http.routers.${JDOWNLOADER2_APP}-rtr.service=${JDOWNLOADER2_APP}-gt-svc"
- "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.entrypoints=websecure"
- "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.rule=Host(`${JDOWNLOADER2_APP}.${DOMAINNAME}`)&& PathPrefix(`/`)"
- "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.tls=true"
- "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.tls.options=tls-options@file"
- "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.tls.certresolver=solver-dns"
#- "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.middlewares=${JDOWNLOADER2_APP}-auth"
- "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
- "traefik.http.routers.${JDOWNLOADER2_APP}-secure-rtr.service=${JDOWNLOADER2_APP}-gt-svc"
Reference in New Issue View Git Blame Copy Permalink