network isolation

This commit is contained in:
Yax 2021-12-12 12:02:11 +01:00
parent f8c8767a83
commit 2ea59dfae3
19 changed files with 121 additions and 42 deletions

39
0/docker-compose.networks.yml Executable file

@ -0,0 +1,39 @@
version: '3'
networks:
dmz:
name: dmz
baikal-frontend:
name: baikal-frontend
blog-frontend:
name: blog-frontend
blog-backend:
name: blog-backend
deluge-frontend:
name: deluge-frontend
dokuwiki-frontend:
name: dokuwiki-frontend
glances-frontend:
name: glances-frontend
netdata-frontend:
name: netdata-frontend
netdata-backend:
name: netdata-backend
photo-frontend:
name: photo-frontend
photo-backend:
name: photo-backend
portainer-frontend:
name: portainer-frontend
posteio-frontend:
name: portainer-frontend
seafile-frontend:
name: seafile-frontend
selfoss-frontend:
name: selfoss-frontend
shaarli-frontend:
name: shaarli-frontend
wallabag-frontend:
name: wallabag-frontend
wwww-frontend:
name: wwww-frontend
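Review bot: The `posteio-frontend` entry near the end of the new file is given `name: portainer-frontend`, so the posteio service is attached to the same Docker network as portainer (which also mounts the Docker socket) and the `traefik.docker.network=posteio-frontend` label added in the posteio hunk names a network that is never created; the line should read `name: posteio-frontend`. The seafile hunk references `seafile-backend` three times but this file does not declare it — unless the seafile compose file declares that network itself, outside its hunk, Compose will reject the reference as undefined. The backend networks (`blog-backend`, `netdata-backend`, `photo-backend`, and `seafile-backend` once added) only carry database/cache traffic between containers, so marking each `internal: true` would deny those containers any outbound route without changing the application wiring. Note also that the `name:` key under `networks` was introduced in compose file format 3.5; with `version: '3'` the legacy python docker-compose validator may refuse it, so a version bump is likely needed if that tool is in use.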


@ -1,5 +0,0 @@
version: '3'
networks:
srv:


@ -5,7 +5,7 @@ services:
container_name: baikal container_name: baikal
image: ckulka/baikal:nginx image: ckulka/baikal:nginx
networks: networks:
- srv - baikal-frontend
expose: expose:
- 80 - 80
restart: unless-stopped restart: unless-stopped
@ -17,6 +17,7 @@ services:
- traefik.http.routers.baikal.rule=Host(`${HOST_BAIKAL}.${DOMAIN}`) - traefik.http.routers.baikal.rule=Host(`${HOST_BAIKAL}.${DOMAIN}`)
- traefik.http.routers.baikal.entrypoints=https - traefik.http.routers.baikal.entrypoints=https
- traefik.http.routers.baikal.tls=true - traefik.http.routers.baikal.tls=true
- traefik.docker.network=baikal-frontend
volumes: volumes:
baikal_config: baikal_config:


@ -7,7 +7,7 @@ services:
volumes: volumes:
- ${ROOT_INSTALL}/data/stacosys:/config - ${ROOT_INSTALL}/data/stacosys:/config
networks: networks:
- srv - blog-backend
restart: unless-stopped restart: unless-stopped
expose: expose:
- 8100 - 8100
@ -17,7 +17,8 @@ services:
depends_on: depends_on:
- stacosys - stacosys
networks: networks:
- srv - blog-backend
- blog-frontend
restart: unless-stopped restart: unless-stopped
expose: expose:
- 80 - 80
@ -25,4 +26,5 @@ services:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.blog.rule=Host(`${HOST_BLOG}.${DOMAIN}`) - traefik.http.routers.blog.rule=Host(`${HOST_BLOG}.${DOMAIN}`)
- traefik.http.routers.blog.entrypoints=https - traefik.http.routers.blog.entrypoints=https
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.docker.network=blog-frontend


@ -6,7 +6,7 @@ services:
image: linuxserver/deluge image: linuxserver/deluge
restart: unless-stopped restart: unless-stopped
networks: networks:
- srv - deluge-frontend
environment: environment:
DELUGE_LOGLEVEL: info DELUGE_LOGLEVEL: info
TZ: ${TZ} TZ: ${TZ}
@ -29,14 +29,15 @@ services:
- traefik.http.middlewares.sameOriginHeader.headers.customrequestheaders.X-Frame-Options=SAMEORIGIN - traefik.http.middlewares.sameOriginHeader.headers.customrequestheaders.X-Frame-Options=SAMEORIGIN
- traefik.http.middlewares.delugePStrip.stripprefix.prefixes=${PATH_DELUGE} - traefik.http.middlewares.delugePStrip.stripprefix.prefixes=${PATH_DELUGE}
- traefik.http.middlewares.delugeRedir.redirectregex.regex=^(.*)${PATH_DELUGE}$$ - traefik.http.middlewares.delugeRedir.redirectregex.regex=^(.*)${PATH_DELUGE}$$
- traefik.http.middlewares.delugeRedir.redirectregex.replacement=$${1}${PATH_DELUGE}/ - traefik.http.middlewares.delugeRedir.redirectregex.replacement=$${1}${PATH_DELUGE}/
- traefik.docker.network=deluge-frontend
torrent: torrent:
container_name: torrent container_name: torrent
image: kianby/nginx-streaming image: kianby/nginx-streaming
restart: unless-stopped restart: unless-stopped
networks: networks:
- srv - dmz
volumes: volumes:
- deluge_downloads:/downloads:ro - deluge_downloads:/downloads:ro
expose: expose:


@ -13,11 +13,11 @@ services:
volumes: volumes:
- ${ROOT_INSTALL}/data/dokuwiki:/config - ${ROOT_INSTALL}/data/dokuwiki:/config
networks: networks:
- srv - dokuwiki-frontend
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.dokuwiki.rule=Host(`${HOST_DOKUWIKI}.${DOMAIN}`) - traefik.http.routers.dokuwiki.rule=Host(`${HOST_DOKUWIKI}.${DOMAIN}`)
- traefik.http.routers.dokuwiki.entrypoints=https - traefik.http.routers.dokuwiki.entrypoints=https
- traefik.http.routers.dokuwiki.tls=true - traefik.http.routers.dokuwiki.tls=true
- traefik.docker.network=dokuwiki-frontend


@ -10,7 +10,7 @@ services:
- GLANCES_OPT=-w - GLANCES_OPT=-w
pid: host pid: host
networks: networks:
- srv - glances-frontend
expose: expose:
- 61208 - 61208
labels: labels:
@ -21,5 +21,6 @@ services:
- traefik.http.routers.glances.middlewares=glancesRedir,glancesPStrip - traefik.http.routers.glances.middlewares=glancesRedir,glancesPStrip
- traefik.http.middlewares.glancesPStrip.stripprefix.prefixes=${PATH_GLANCES} - traefik.http.middlewares.glancesPStrip.stripprefix.prefixes=${PATH_GLANCES}
- traefik.http.middlewares.glancesRedir.redirectregex.regex=^(.*)${PATH_GLANCES}$$ - traefik.http.middlewares.glancesRedir.redirectregex.regex=^(.*)${PATH_GLANCES}$$
- traefik.http.middlewares.glancesRedir.redirectregex.replacement=$${1}${PATH_GLANCES}/ - traefik.http.middlewares.glancesRedir.redirectregex.replacement=$${1}${PATH_GLANCES}/
- traefik.docker.network=glances-frontend


@ -23,14 +23,16 @@ services:
- /sys:/host/sys:ro - /sys:/host/sys:ro
- /etc/os-release:/host/etc/os-release:ro - /etc/os-release:/host/etc/os-release:ro
networks: networks:
- srv - netdata-frontend
- netdata-backend
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.netdata.rule=Host(`${HOST_NETDATA}.${DOMAIN}`) - traefik.http.routers.netdata.rule=Host(`${HOST_NETDATA}.${DOMAIN}`)
- traefik.http.routers.netdata.entrypoints=https - traefik.http.routers.netdata.entrypoints=https
- traefik.http.routers.netdata.tls=true - traefik.http.routers.netdata.tls=true
- traefik.http.routers.netdata.middlewares=auth - traefik.http.routers.netdata.middlewares=auth
- traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH} - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
- traefik.docker.network=netdata-frontend
healthcheck: healthcheck:
disable: true disable: true
docker-proxy: docker-proxy:
@ -41,7 +43,7 @@ services:
environment: environment:
- CONTAINERS=1 - CONTAINERS=1
networks: networks:
- srv - netdata-backend
volumes: volumes:
netdataconfig: netdataconfig:


@ -13,7 +13,7 @@ services:
volumes: volumes:
- photoview_db_data:/var/lib/mysql - photoview_db_data:/var/lib/mysql
networks: networks:
- srv - photo-backend
photoview: photoview:
container_name: photoview container_name: photoview
@ -24,7 +24,8 @@ services:
depends_on: depends_on:
- photoview-db - photoview-db
networks: networks:
- srv - photo-backend
- photo-frontend
environment: environment:
- PHOTOVIEW_DATABASE_DRIVER=mysql - PHOTOVIEW_DATABASE_DRIVER=mysql
- PHOTOVIEW_MYSQL_URL=photoview:photosecret@tcp(photoview-db)/photoview - PHOTOVIEW_MYSQL_URL=photoview:photosecret@tcp(photoview-db)/photoview
@ -60,9 +61,10 @@ services:
- SYS_ADMIN - SYS_ADMIN
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.pigallery_config.rule=Host(`${HOST_PHOTOVIEW}.${DOMAIN}`) - traefik.http.routers.photo.rule=Host(`${HOST_PHOTOVIEW}.${DOMAIN}`)
- traefik.http.routers.pigallery_config.entrypoints=https - traefik.http.routers.photo.entrypoints=https
- traefik.http.routers.pigallery_config.tls=true - traefik.http.routers.photo.tls=true
- traefik.docker.network=photo-frontend
volumes: volumes:
photoview_db_data: photoview_db_data:
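Review bot: The router here is renamed from `pigallery_config` to `photo`, and the pigallery hunk renames its router to `photo` as well, so if both stacks are deployed together two containers declare `traefik.http.routers.photo.*` with different Host rules; Traefik's Docker provider treats a router defined twice with differing configuration as a conflict and drops it, which would take both sites offline. Give each router its own name, e.g. `- traefik.http.routers.photoview.rule=Host(`${HOST_PHOTOVIEW}.${DOMAIN}`)` with the matching `entrypoints` and `tls` labels here, and `pigallery` in the other file. The pigallery service's `networks:` entry is outside its hunk; confirm it actually joins `photo-frontend`, since the `traefik.docker.network` label alone does not attach the container to a network.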


@ -27,9 +27,10 @@ services:
disable: true disable: true
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.pigallery_config.rule=Host(`${HOST_PIGALLERY}.${DOMAIN}`) - traefik.http.routers.photo.rule=Host(`${HOST_PIGALLERY}.${DOMAIN}`)
- traefik.http.routers.pigallery_config.entrypoints=https - traefik.http.routers.photo.entrypoints=https
- traefik.http.routers.pigallery_config.tls=true - traefik.http.routers.photo.tls=true
- traefik.docker.network=photo-frontend
volumes: volumes:
pigallerydb_data: pigallerydb_data:


@ -9,7 +9,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data - portainer_data:/data
networks: networks:
- srv - portainer-frontend
restart: unless-stopped restart: unless-stopped
expose: expose:
- 9000 - 9000
@ -23,6 +23,7 @@ services:
- traefik.http.middlewares.portainerPStrip.stripprefix.prefixes=${PATH_PORTAINER} - traefik.http.middlewares.portainerPStrip.stripprefix.prefixes=${PATH_PORTAINER}
- traefik.http.middlewares.portainerRedir.redirectregex.regex=^(.*)${PATH_PORTAINER}$$ - traefik.http.middlewares.portainerRedir.redirectregex.regex=^(.*)${PATH_PORTAINER}$$
- traefik.http.middlewares.portainerRedir.redirectregex.replacement=$${1}${PATH_PORTAINER}/ - traefik.http.middlewares.portainerRedir.redirectregex.replacement=$${1}${PATH_PORTAINER}/
- traefik.docker.network=portainer-frontend
volumes: volumes:
portainer_data: portainer_data:


@ -21,7 +21,8 @@ services:
- traefik.http.routers.posteio.rule=Host(`${HOST_MAIL}.${DOMAIN}`) - traefik.http.routers.posteio.rule=Host(`${HOST_MAIL}.${DOMAIN}`)
- traefik.http.routers.posteio.entrypoints=https - traefik.http.routers.posteio.entrypoints=https
- traefik.http.routers.posteio.tls=true - traefik.http.routers.posteio.tls=true
- traefik.docker.network=posteio-frontend
networks: networks:
- srv - posteio-frontend
healthcheck: healthcheck:
disable: true disable: true


@ -8,7 +8,7 @@ services:
MYSQL_ROOT_PASSWORD: ${SEAFILE_DB_ROOT_PASSWORD} MYSQL_ROOT_PASSWORD: ${SEAFILE_DB_ROOT_PASSWORD}
image: mariadb:10.1 image: mariadb:10.1
networks: networks:
- srv - seafile-backend
volumes: volumes:
- seafile_db:/var/lib/mysql:rw - seafile_db:/var/lib/mysql:rw
restart: unless-stopped restart: unless-stopped
@ -17,7 +17,7 @@ services:
entrypoint: memcached -m 256 entrypoint: memcached -m 256
image: memcached:1.5.6 image: memcached:1.5.6
networks: networks:
- srv - seafile-backend
restart: unless-stopped restart: unless-stopped
seafile: seafile:
container_name: seafile container_name: seafile
@ -34,7 +34,8 @@ services:
TIME_ZONE: ${TZ} TIME_ZONE: ${TZ}
image: seafileltd/seafile-mc:latest image: seafileltd/seafile-mc:latest
networks: networks:
- srv - seafile-backend
- seafile-frontend
restart: unless-stopped restart: unless-stopped
expose: expose:
- 80 - 80
@ -53,7 +54,8 @@ services:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.seafile.rule=Host(`${HOST_SEAFILE}.${DOMAIN}`) - traefik.http.routers.seafile.rule=Host(`${HOST_SEAFILE}.${DOMAIN}`)
- traefik.http.routers.seafile.entrypoints=https - traefik.http.routers.seafile.entrypoints=https
- traefik.http.routers.seafile.tls=true - traefik.http.routers.seafile.tls=true
- traefik.docker.network=seafile-frontend
volumes: volumes:
seafile_db: seafile_db:


@ -7,7 +7,7 @@ services:
volumes: volumes:
- selfoss_data:/selfoss/data - selfoss_data:/selfoss/data
networks: networks:
- srv - selfoss-frontend
restart: unless-stopped restart: unless-stopped
expose: expose:
- 8888 - 8888
@ -20,7 +20,7 @@ services:
- traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000 - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000
- traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=134217728 - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=134217728
- traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000 - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000
- traefik.docker.network=selfoss-frontend
volumes: volumes:
selfoss_data: selfoss_data:


@ -8,7 +8,7 @@ services:
- shaarli-cache:/var/www/shaarli/cache - shaarli-cache:/var/www/shaarli/cache
- ${ROOT_INSTALL}/data/shaarli:/var/www/shaarli/data - ${ROOT_INSTALL}/data/shaarli:/var/www/shaarli/data
networks: networks:
- srv - shaarli-frontend
restart: unless-stopped restart: unless-stopped
expose: expose:
- 80 - 80
@ -16,7 +16,8 @@ services:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.shaarli.rule=Host(`${HOST_SHAARLI}.${DOMAIN}`) - traefik.http.routers.shaarli.rule=Host(`${HOST_SHAARLI}.${DOMAIN}`)
- traefik.http.routers.shaarli.entrypoints=https - traefik.http.routers.shaarli.entrypoints=https
- traefik.http.routers.shaarli.tls=true - traefik.http.routers.shaarli.tls=true
- traefik.docker.network=shaarli-frontend
volumes: volumes:
shaarli-cache: shaarli-cache:


@ -13,7 +13,21 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
networks: networks:
- srv - dmz
- baikal-frontend
- blog-frontend
- deluge-frontend
- dokuwiki-frontend
- glances-frontend
- netdata-frontend
- photo-frontend
- portainer-frontend
- posteio-frontend
- seafile-frontend
- selfoss-frontend
- shaarli-frontend
- wallabag-frontend
- wwww-frontend
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
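Review bot: The Traefik network list is hand-maintained and duplicated verbatim in the second traefik file (hunk starting `@ -43,7 +43,21 @@`) as well as in docker-compose.networks.yml; a frontend network declared in one place but missed here is not caught by compose validation and only shows up at runtime as a route Traefik cannot reach. A comment above the list, `# must list every *-frontend network declared in docker-compose.networks.yml (keep in sync with the other traefik compose file)`, would make the coupling visible to the next person adding a service. Because Traefik now has an interface on every application network, any compromised application container has a direct route to Traefik itself; confirm the API/dashboard is not enabled in insecure mode on those interfaces, since the configuration that controls it is outside this hunk.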


@ -43,7 +43,21 @@ services:
- 80:80 - 80:80
- 443:443 - 443:443
networks: networks:
- srv - dmz
- baikal-frontend
- blog-frontend
- deluge-frontend
- dokuwiki-frontend
- glances-frontend
- netdata-frontend
- photo-frontend
- portainer-frontend
- posteio-frontend
- seafile-frontend
- selfoss-frontend
- shaarli-frontend
- wallabag-frontend
- wwww-frontend
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro


@ -5,7 +5,7 @@ services:
container_name: wallabag container_name: wallabag
image: wallabag/wallabag image: wallabag/wallabag
networks: networks:
- srv - wallabag-frontend
expose: expose:
- 80 - 80
volumes: volumes:
@ -19,6 +19,7 @@ services:
- traefik.http.routers.wallabag.rule=Host(`${HOST_WALLABAG}.${DOMAIN}`) - traefik.http.routers.wallabag.rule=Host(`${HOST_WALLABAG}.${DOMAIN}`)
- traefik.http.routers.wallabag.entrypoints=https - traefik.http.routers.wallabag.entrypoints=https
- traefik.http.routers.wallabag.tls=true - traefik.http.routers.wallabag.tls=true
- traefik.docker.network=wallabag-frontend
volumes: volumes:
wallabag_data: wallabag_data:


@ -6,7 +6,7 @@ services:
image: kianby/www-madyanne image: kianby/www-madyanne
restart: unless-stopped restart: unless-stopped
networks: networks:
- srv - wwww-frontend
expose: expose:
- 80 - 80
labels: labels:
@ -14,4 +14,5 @@ services:
- traefik.http.routers.www.rule=Host(`${HOST_WWW}.${DOMAIN}`) - traefik.http.routers.www.rule=Host(`${HOST_WWW}.${DOMAIN}`)
- traefik.http.routers.www.entrypoints=https - traefik.http.routers.www.entrypoints=https
- traefik.http.routers.www.tls=true - traefik.http.routers.www.tls=true
- traefik.docker.network=wwww-frontend