version: '3' networks: gitea: external: false pubnet: external: false volumes: traefik_acme: traefik_logs: nginx_logs: services: traefik: image: "traefik:v2.2" ports: - "80:80" - "443:443" - "222:222" # gitea ssh - "8080:8080" - "5000:5000" # bouncer default port environment: DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}" networks: pubnet: gitea: volumes: - "/home/josiah/apps/awful/letsencrypt/:/letsencrypt" - "/var/run/docker.sock:/var/run/docker.sock:ro" - "/home/josiah/apps/awful/traefik.yml:/etc/traefik/traefik.yml" - traefik_logs:/log labels: - "traefik.enable=true" - "traefik.http.routers.edge.rule=hostregexp(`{host:.+}`)" - "traefik.http.routers.edge.entrypoints=web" - "traefik.http.routers.edge.middlewares=redirect-to-https" - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" whoami: image: "containous/whoami" labels: - "traefik.enable=true" - "traefik.http.routers.whoami.rule=Host(`whoami.awful.club`)" - "traefik.http.routers.whoami.entrypoints=websecure" - "traefik.http.routers.whoami.tls.certresolver=awful-letsencrypt" - "traefik.http.routers.whoami.tls=true" networks: pubnet: nginx: image: nginx:1.17.10 volumes: - /etc/nginx/:/etc/nginx/ - /etc/letsencrypt/:/etc/letsencrypt/ - /home/josiah/apps/awful/awful.club.html:/var/www/awful.club/html/index.html - nginx_logs:/log labels: - "traefik.enable=true" - "traefik.http.routers.nginx.rule=Host(`awful.club`)||Host(`jowj.net`)" - "traefik.http.routers.nginx.entrypoints=websecure" - "traefik.http.routers.nginx.tls.certresolver=awful-letsencrypt" networks: pubnet: gitea-server: image: gitea/gitea:latest environment: - USER_UID=1000 - USER_GID=1000 - DB_TYPE=postgres - DB_HOST=gitea-db:5432 - DB_NAME={{ GITEA_DB_NAME }} - DB_USER={{ GITEA_DB_USER }} - DB_PASSWD={{ GITEA_DB_PASSWD }} networks: gitea: ipv4_address: 172.28.1.2 volumes: - /mnt/volume_sfo2_01/gitea:/data depends_on: - gitea-db labels: # global rules - "traefik.enable=true" # the web ui - "traefik.http.routers.gitea-web.rule=Host(`git.awful.club`)" - "traefik.http.routers.gitea-web.entrypoints=websecure" - "traefik.http.routers.gitea-web.service=gitea-web-svc" - "traefik.http.routers.gitea-web.tls=true" - "traefik.http.routers.gitea-web.tls.certresolver=awful-letsencrypt" - "traefik.http.services.gitea-web-svc.loadbalancer.server.port=3000" # handle ssh - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)" - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh" - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc" - "traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=22" gitea-db: image: postgres:9.6 environment: - POSTGRES_USER={{ GITEA_POSTGRES_USER }} - POSTGRES_PASSWORD={{ GITEA_POSTGRES_USER }} - POSTGRES_DB={{ GITEA_POSTGRES_USER }} networks: gitea: ipv4_address: 172.28.1.3 volumes: - /mnt/volume_sfo2_01/psql:/var/lib/postgresql/data bouncer: build: context: /home/josiah/apps/znc/ dockerfile: Dockerfile image: znc volumes: - /mnt/volume_sfo2_znc/:/znc-data networks: pubnet: labels: - "traefik.enable=true" # handle web ui - "traefik.http.routers.bouncer-web.rule=Host(`bouncer.awful.club`)" - "traefik.http.routers.bouncer-web.entrypoints=websecure" - "traefik.http.routers.bouncer-web.tls.certresolver=awful-letsencrypt" - "traefik.http.routers.bouncer-web.service=bouncer-web-svc" - "traefik.http.routers.bouncer-web.tls=true" - "traefik.http.services.bouncer-web-svc.loadbalancer.server.port=5001" # handle irc - "traefik.tcp.routers.bouncer-irc.rule=HostSNI(`*`)" - "traefik.tcp.routers.bouncer-irc.entrypoints=irc" - "traefik.tcp.routers.bouncer-irc.service=bouncer-irc-svc" - "traefik.tcp.services.bouncer-irc-svc.loadbalancer.server.port=5000" freshrss: image: linuxserver/freshrss container_name: freshrss environment: - PUID=1000 - PGID=1000 - TZ=Europe/London volumes: - /mnt/shared_document_store/freshrss:/config restart: unless-stopped networks: pubnet: labels: # global rules - "traefik.enable=true" # the web ui - "traefik.http.routers.freshrss.rule=Host(`rss.awful.club`)" - "traefik.http.routers.freshrss.entrypoints=websecure" - "traefik.http.routers.freshrss.tls=true" - "traefik.http.routers.freshrss.tls.certresolver=awful-letsencrypt"