TrueNAS/docker-apps
TrueNAS/docker-apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
593317514d
docker-apps/sftpgo/stacks/compose - multi-rtr.yml
Chris d067d5f1f7 first commit
2025-04-03 22:57:52 +02:00

199 lines
12 KiB
YAML
Raw Blame History

# https://hub.docker.com/r/atmoz/sftp/
#
#sftp:
# image: atmoz/sftp
# volumes:
# - <host-dir>/upload:/home/foo/upload
# ports:
# - "2222:22"
# command: foo:pass:1001
#
#https://docs.sftpgo.com/latest/docker/#container-shell-access-and-viewing-sftpgo-logs
name: sftpgo
secrets:
sftpgo_postgresql_database:
file: "${SECRETSDIR}/sftpgo_postgresql_database"
sftpgo_postgresql_username:
file: "${SECRETSDIR}/sftpgo_postgresql_username"
sftpgo_postgresql_password:
file: "${SECRETSDIR}/sftpgo_postgresql_password"
networks:
traefik-net:
external: true
postgres-net:
external: true
services:
sftpgo:
image: drakkan/sftpgo:latest
env_file: .sftpgo.env
hostname: sftpgo
user: ${PUID}:${MEDIA_GID}
networks:
- postgres-net
- traefik-net
volumes:
- ${DATADIR}/config:/etc/sftpgo
- ${CERTSDIR}:/srv/sftpgo/certificates
- ${CREDENTIALSDIR}:/srv/sftpgo/credentials
- ${USERDATADIR}:/srv/sftpgo/data
- ${USERTEMPDIR}:/srv/sftpgo/temp
- ${USERSHAREDDIR}:/srv/sftpgo/shared
- ${BACKUPDIR}:/srv/sftpgo/backups
- ${HOMEDIR}:/var/lib/sftpgo
- ${DATADIR}/webroot:/var/www
restart: unless-stopped
depends_on:
postgresql:
condition: service_healthy
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net
# tcp service
# -----------
# - "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc.loadbalancer.server.port=${TCP_PORT1}, ${TCP_PORT2}, ${TCP_PORT3}, ${TCP_PORT4}, ${TCP_PORT5}, ${TCP_PORT6}, ${TCP_PORT7}, ${TCP_PORT7}"
# - "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc.loadbalancer.server.port=${TCP_PORT1}"
- "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc-1.loadbalancer.server.port=${TCP_PORT1}"
- "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc-2.loadbalancer.server.port=${TCP_PORT2}"
- "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc-3.loadbalancer.server.port=${TCP_PORT3}"
- "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc-4.loadbalancer.server.port=${TCP_PORT4}"
- "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc-5.loadbalancer.server.port=${TCP_PORT5}"
- "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc-6.loadbalancer.server.port=${TCP_PORT6}"
- "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc-7.loadbalancer.server.port=${TCP_PORT7}"
- "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc-8.loadbalancer.server.port=${TCP_PORT8}"
# tcp routers
# -----------
# limit router to sftp ":2022 - 2029" entrypoints
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-1.entrypoints=sftp1"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-2.entrypoints=sftp2"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-3.entrypoints=sftp3"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-4.entrypoints=sftp4"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-5.entrypoints=sftp5"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-6.entrypoints=sftp6"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-7.entrypoints=sftp7"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-8.entrypoints=sftp8"
# set match criteria for router, since this is not tls, header might not contain hostsni field; we're forced to use wildcard
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-1.rule=HostSNI(`*`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-2.rule=HostSNI(`*`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-3.rule=HostSNI(`*`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-4.rule=HostSNI(`*`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-5.rule=HostSNI(`*`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-6.rule=HostSNI(`*`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-7.rule=HostSNI(`*`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-8.rule=HostSNI(`*`)"
# assign svc target to router
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-1.service=${APPLICATION_NAME}-tcp-svc-1"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-2.service=${APPLICATION_NAME}-tcp-svc-2"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-3.service=${APPLICATION_NAME}-tcp-svc-3"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-4.service=${APPLICATION_NAME}-tcp-svc-4"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-5.service=${APPLICATION_NAME}-tcp-svc-5"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-6.service=${APPLICATION_NAME}-tcp-svc-6"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-7.service=${APPLICATION_NAME}-tcp-svc-7"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr-8.service=${APPLICATION_NAME}-tcp-svc-8"
#
# limit router to sftp ":2022 - 2029" entrypoints
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-1.entrypoints=sftp1"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-2.entrypoints=sftp2"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-3.entrypoints=sftp3"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-4.entrypoints=sftp4"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-5.entrypoints=sftp5"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-6.entrypoints=sftp6"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-7.entrypoints=sftp7"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-8.entrypoints=sftp8"
# set match criteria for router
# - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.rule=HostSNI(`${SUBDOMAIN1}.${DOMAINNAME}`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-1.rule=HostSNI(`${SUBDOMAIN1}.${DOMAINNAME}`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-2.rule=HostSNI(`${SUBDOMAIN1}.${DOMAINNAME}`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-3.rule=HostSNI(`${SUBDOMAIN1}.${DOMAINNAME}`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-4.rule=HostSNI(`${SUBDOMAIN1}.${DOMAINNAME}`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-5.rule=HostSNI(`${SUBDOMAIN1}.${DOMAINNAME}`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-6.rule=HostSNI(`${SUBDOMAIN1}.${DOMAINNAME}`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-7.rule=HostSNI(`${SUBDOMAIN1}.${DOMAINNAME}`)"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-8.rule=HostSNI(`${SUBDOMAIN1}.${DOMAINNAME}`)"
# set router to be dedicated to secure requests only for the hosts specified in match criteria
#- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-1.tls=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-2.tls=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-3.tls=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-4.tls=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-5.tls=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-6.tls=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-7.tls=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-8.tls=true"
# forward requests "as is" keeping all data encrypted.
# - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls.passthrough=true"
# - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls.options=tls-opts@file"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-1.tls.passthrough=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-2.tls.passthrough=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-3.tls.passthrough=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-4.tls.passthrough=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-5.tls.passthrough=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-6.tls.passthrough=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-7.tls.passthrough=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-8.tls.passthrough=true"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-1.tls.options=tls-opts@file"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-2.tls.options=tls-opts@file"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-3.tls.options=tls-opts@file"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-4.tls.options=tls-opts@file"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-5.tls.options=tls-opts@file"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-6.tls.options=tls-opts@file"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-7.tls.options=tls-opts@file"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-8.tls.options=tls-opts@file"
# generate certificates using following certresolver
# - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls.certresolver=solver-dns"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-1.tls.certresolver=solver-dns"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-2.tls.certresolver=solver-dns"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-3.tls.certresolver=solver-dns"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-4.tls.certresolver=solver-dns"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-5.tls.certresolver=solver-dns"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-6.tls.certresolver=solver-dns"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-7.tls.certresolver=solver-dns"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-8.tls.certresolver=solver-dns"
# assign svc target to router
# - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.service=${APPLICATION_NAME}-tcp-svc"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-1.service=${APPLICATION_NAME}-tcp-svc-1"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-2.service=${APPLICATION_NAME}-tcp-svc-2"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-3.service=${APPLICATION_NAME}-tcp-svc-3"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-4.service=${APPLICATION_NAME}-tcp-svc-4"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-5.service=${APPLICATION_NAME}-tcp-svc-5"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-6.service=${APPLICATION_NAME}-tcp-svc-6"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-7.service=${APPLICATION_NAME}-tcp-svc-7"
- "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr-8.service=${APPLICATION_NAME}-tcp-svc-8"
- "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${SERVICE_PORT}"
- "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
- "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${SUBDOMAIN1}.${DOMAINNAME}`)&& PathPrefix(`/`)"
- "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=middlewares-secure-headers@file"
- "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${SUBDOMAIN1}.${DOMAINNAME}`)&& PathPrefix(`/`)"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=sthomeresolver"
#- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=${APPLICATION_NAME}-auth"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=middlewares-secure-headers@file"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"
postgresql:
image: postgres:16-alpine
hostname: ${POSTGRES_DB_HOST}
env_file: .postgresql.env
shm_size: 128mb # https://hub.docker.com/_/postgres
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
networks:
postgres-net:
secrets:
- ${APPLICATION_NAME}_postgresql_database
- ${APPLICATION_NAME}_postgresql_username
- ${APPLICATION_NAME}_postgresql_password
volumes:
- "${DATADIR}/pgdata:/var/lib/postgresql/data"
- "${DATADIR}/pgbackups:/mnt/backups"
Reference in New Issue View Git Blame Copy Permalink