Init commit

2025-10-18 00:31:23 +01:00
commit fcd081c1c5
30 changed files with 4912 additions and 0 deletions
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@@ -0,0 +1,73 @@
+
+x-logging: &default-logging
+  options:
+    max-size: 32m
+    max-file: 4
+
+services:
+  traefik:
+    container_name: traefik
+    image: traefik:3.5.1
+    restart: unless-stopped
+    env_file: .env
+    logging: *default-logging
+    depends_on:
+      - authelia
+    command:
+      - --api.insecure=true
+      - --providers.docker=true
+      - --providers.docker.watch=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.file.directory=/config
+      - --providers.file.watch=true
+
+      - --accesslog
+      - --accesslog.format=json
+
+      - --entryPoints.http.address=:80
+
+      - --entryPoints.http.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/14,192.168.0.0/16,fc00::/7
+      - --entryPoints.http.proxyProtocol.trustedIPs=192.168.0.0/16
+      - --entryPoints.http.forwardedHeaders.insecure=false
+      - --entryPoints.http.proxyProtocol.insecure=false
+
+      - --entryPoints.https=true
+      - --entryPoints.https.address=:443
+      - --entryPoints.https.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/14,192.168.0.0/16,fc00::/7
+      - --entryPoints.https.proxyProtocol.trustedIPs=192.168.0.0/16
+      - --entryPoints.https.forwardedHeaders.insecure=false
+      - --entryPoints.https.proxyProtocol.insecure=false
+
+      - --entryPoints.http.http.redirections.entrypoint.to=https
+      - --entryPoints.http.http.redirections.entrypoint.scheme=https
+
+      - --certificatesresolvers.letsencrypt
+      - --certificatesresolvers.letsencrypt.acme.storage=acme.json
+      - --certificatesresolvers.letsencrypt.acme.email=joemonk@hotmail.co.uk
+      - --certificatesresolvers.letsencrypt.acme.dnsChallenge.provider=route53
+      # Uncomment to use the staging env for testing volumes etc
+      - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+    ports:
+      - 80:80
+      - 443:443
+      - 8080:8080
+    volumes:
+      - /mnt/cache/appdata/traefik/config:/config
+      - /mnt/user/appdata/traefik/letsencrypt/acme.json:/acme.json
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    labels:
+      - traefik.enable=true
+
+      - traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth
+      - traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true
+      - traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email
+
+      - traefik.http.routers.traefik.entryPoints=https
+      - traefik.http.routers.traefik.rule=Host(`traefik.home.joemonk.co.uk`)
+      - traefik.http.routers.traefik.tls=true
+      - traefik.http.routers.traefik.tls.certresolver=letsencrypt
+      - traefik.http.routers.traefik.tls.domains[0].main=traefik.home.joemonk.co.uk
+      - traefik.http.routers.traefik.service=traefik
+      - traefik.http.routers.traefik.middlewares=authentik-traefik@docker
+
+      - traefik.http.services.traefik.loadbalancer.server.port=8080