version: "3.5" services: traefik: image: docker.io/traefik:latest container_name: traefik restart: unless-stopped security_opt: - no-new-privileges:true networks: - proxy ports: - 80:80 - 443:443 environment: - CF_API_EMAIL=${CF_API_EMAIL} - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN} # - CF_API_KEY=YOUR_API_KEY # be sure to use the correct one depending on if you are using a token or key volumes: - /etc/localtime:/etc/localtime:ro # - /var/run/docker.sock:/var/run/docker.sock:ro - ${PWD}/traefik/data/traefik.yml:/traefik.yml:ro - ${PWD}/traefik/data/acme.json:/acme.json - ${PWD}/traefik/data/config.yml:/config.yml:ro labels: - "traefik.enable=true" - "traefik.http.routers.traefik.entrypoints=http" - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.${URL}`)" - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_USERNAME}:${TRAEFIK_PASSWORD}" - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" - "traefik.http.routers.traefik-secure.entrypoints=https" - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.${URL}`)" - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" - "traefik.http.routers.traefik-secure.tls=true" - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare" - "traefik.http.routers.traefik-secure.tls.domains[0].main=${URL}" - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.${URL}" - "traefik.http.routers.traefik-secure.service=api@internal" portainer: image: docker.io/portainer/portainer-ce container_name: portainer restart: unless-stopped security_opt: - no-new-privileges:true networks: - proxy volumes: - /etc/localtime:/etc/localtime:ro - /var/run/docker.sock:/var/run/docker.sock:ro - ${PWD}/portainer/data:/data ports: - 9000:9000 labels: - "traefik.enable=true" - "traefik.http.routers.portainer.entrypoints=http" - "traefik.http.routers.portainer.rule=Host(`portainer.${URL}`)" - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https" - "traefik.http.routers.portainer.middlewares=portainer-https-redirect" - "traefik.http.routers.portainer-secure.entrypoints=https" - "traefik.http.routers.portainer-secure.rule=Host(`portainer.${URL}`)" - "traefik.http.routers.portainer-secure.tls=true" - "traefik.http.routers.portainer-secure.service=portainer" - "traefik.http.services.portainer.loadbalancer.server.port=9000" - "traefik.docker.network=proxy" jellyfin: image: docker.io/jellyfin/jellyfin container_name: jellyfin restart: unless-stopped security_opt: - no-new-privileges:true stdin_open: true # docker run -i tty: true # docker run -t # network_mode: "host" # networks: # - proxy # user: uid:gid ports: - 0.0.0.0:8096:8096 volumes: - /tank/jellyfin/config:/config - /tank/jellyfin/cache:/cache - /tank/jellyfin/media:/media - /tank/jellyfin/media2:/media2:ro # Optional - alternative address used for autodiscovery environment: - JELLYFIN_PublishedServerUrl=https://jellyfin.${URL} # Optional - may be necessary for docker healthcheck to pass if running in host network mode # extra_hosts: # - "host.docker.internal:host-gateway" labels: - "traefik.enable=true" - "traefik.http.routers.jellyfin.entrypoints=http" - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${URL}`)" - "traefik.http.middlewares.jellyfin-https-redirect.redirectscheme.scheme=https" - "traefik.http.routers.jellyfin.middlewares=jellyfin-https-redirect" - "traefik.http.routers.jellyfin-secure.entrypoints=https" - "traefik.http.routers.jellyfin-secure.rule=Host(`jellyfin.${URL}`)" - "traefik.http.routers.jellyfin-secure.tls=true" - "traefik.http.routers.jellyfin-secure.service=jellyfin" - "traefik.http.services.jellyfin.loadbalancer.server.port=8096" - "traefik.docker.network=proxy" networks: proxy: external: true