homelab/docker-compose.yml.bak

version: "3.5"
services:

  traefik:
    image: docker.io/traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
      # - CF_API_KEY=YOUR_API_KEY
      # be sure to use the correct one depending on if you are using a token or key
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${PWD}/traefik/data/traefik.yml:/traefik.yml:ro
      - ${PWD}/traefik/data/acme.json:/acme.json
      - ${PWD}/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.${URL}`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_USERNAME}:${TRAEFIK_PASSWORD}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.${URL}`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=${URL}"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.${URL}"
      - "traefik.http.routers.traefik-secure.service=api@internal"


  portainer:
    image: docker.io/portainer/portainer-ce
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${PWD}/portainer/data:/data
    ports:
      - 9000:9000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.entrypoints=http"
      - "traefik.http.routers.portainer.rule=Host(`portainer.${URL}`)"
      - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
      - "traefik.http.routers.portainer-secure.entrypoints=https"
      - "traefik.http.routers.portainer-secure.rule=Host(`portainer.${URL}`)"
      - "traefik.http.routers.portainer-secure.tls=true"
      - "traefik.http.routers.portainer-secure.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.docker.network=proxy"
  jellyfin:
    image: docker.io/jellyfin/jellyfin
    container_name: jellyfin
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true

    stdin_open: true # docker run -i
    tty: true # docker run -t
    # network_mode: "host"
    # networks:
    #   - proxy
    # user: uid:gid
    ports:
      - 0.0.0.0:8096:8096
    volumes:
      - /tank/jellyfin/config:/config
      - /tank/jellyfin/cache:/cache
      - /tank/jellyfin/media:/media
      - /tank/jellyfin/media2:/media2:ro
    # Optional - alternative address used for autodiscovery
    environment:
      - JELLYFIN_PublishedServerUrl=https://jellyfin.${URL}
    # Optional - may be necessary for docker healthcheck to pass if running in host network mode
    # extra_hosts:
    #   - "host.docker.internal:host-gateway"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyfin.entrypoints=http"
      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${URL}`)"
      - "traefik.http.middlewares.jellyfin-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.jellyfin.middlewares=jellyfin-https-redirect"
      - "traefik.http.routers.jellyfin-secure.entrypoints=https"
      - "traefik.http.routers.jellyfin-secure.rule=Host(`jellyfin.${URL}`)"
      - "traefik.http.routers.jellyfin-secure.tls=true"
      - "traefik.http.routers.jellyfin-secure.service=jellyfin"
      - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
      - "traefik.docker.network=proxy"

networks:
  proxy:
    external: true