TrueNAS/docker-apps
TrueNAS/docker-apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d067d5f1f7
docker-apps/pihole/stacks/compose.yml
Chris d067d5f1f7 first commit
2025-04-03 22:57:52 +02:00

72 lines
3.2 KiB
YAML
Raw Blame History

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
name: pihole
networks:
traefik-net:
external: true
secrets:
pihole_webpassword:
file: ${SECRETSDIR}/pihole_webpassword
services:
pihole:
image: pihole/pihole:latest
hostname: pihole
env_file: .pihole.env
# For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
# ports:
# - "53:53/tcp"
# - "53:53/udp"
# - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
# - "80:80/tcp"
networks:
- traefik-net
# Volumes store your data between container upgrades
volumes:
- "${DATADIR}/config:/etc/pihole"
- "${DATADIR}/appdata:/etc/dnsmasq.d"
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
# cap_add:
# - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
restart: unless-stopped
secrets:
- pihole_webpassword
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net
# http middlewares
# ---------------------------
#- "traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}"
#- "traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.usersfile=/mnt/users/${APPLICATION_NAME}.txt"
- "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.permanent=true"
#
# http services
# -------------
- "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
#
# http routers
# ------------
# limit router to web ":80" entrypoint (Note: web entrypoint http requests are globally redirected to websecure router in traefik.yml)
- "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# attach middlewares to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-https-redirect"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
#
# limit router to websecure ":443" entrypoint
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# set router to be dedicated to secure requests only for the host specified in match criteria
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
# generate certificates using following certresolver
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=sthomeresolver"
# attach middlewares to routers
#- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=${APPLICATION_NAME}-auth"
# assign svc target to routers
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"
Reference in New Issue View Git Blame Copy Permalink