Bonsoir à tous,
J’utilise également les containers pour faire tourner tout ce que je trouve d’utile
En gros mes principaux containers sont :
HomeAssistant :
version: '3'

services:
  homeassistant:
    # No tag on the image, so Docker resolves it to :latest at each pull.
    image: homeassistant/home-assistant
    container_name: Homeassistant
    restart: unless-stopped
    # The container shares the host's network stack (no port mapping needed).
    network_mode: host
    # NOTE(review): privileged grants every capability and all host devices;
    # if only a USB/serial adapter is needed, explicit `devices:` entries are
    # the narrower option — confirm what the integrations actually require.
    privileged: true
    volumes:
      - /sharedfolders/AppData/HomeAssistant:/config
      - /sharedfolders/AppData/HomeAssistant/data:/data
      # host time zone, mounted read-only
      - /etc/localtime:/etc/localtime:ro
Portainer :
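version: '3.7'

services:
  Portainer:
    container_name: Portainer
    image: portainer/portainer-ce:latest
    restart: unless-stopped
    # This port was published on every host interface in addition to the
    # Traefik route below. Anything reaching host port 9000 directly skips the
    # OAuth forward-auth, which is only enforced on the Traefik frontend.
    # Bound to loopback here; drop the `ports:` block entirely if Portainer is
    # only ever used through Traefik (Traefik reaches it over traefik_proxy).
    ports:
      - "127.0.0.1:9000:9000"
    environment:
      # PUID/PGID are a LinuxServer.io convention and are not documented for
      # the portainer-ce image; kept for parity with the other stacks.
      - PUID=1000
      - PGID=100
      - TZ=Europe/Paris
    volumes:
      # Read-write access to the Docker socket is equivalent to root on the
      # host; Portainer needs it, so the authentication in front of Portainer
      # is what protects the host.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./:/data
    networks:
      - traefik_proxy
    labels:
      ## Allow access through Traefik from the outside ##
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_proxy"
      - "traefik.port=9000"
      - "traefik.backend=Portainer"
      - "traefik.entryPoint=https"
      # NOTE(review): the Traefik stack uses this same Host rule for its own
      # dashboard; two frontends with an identical rule leave it ambiguous
      # which backend answers — give each service its own hostname.
      - "traefik.frontend.rule=Host:mondomaine.com"
      ## 2FA authentication with Google OAuth2 ##
      - "traefik.frontend.auth.forward.address=http://oauth:4181"
      # Was written `...authResponseHeaders: X-Forwarded-User` (colon instead
      # of `=`). List-form labels must be key=value; without the `=` the whole
      # string becomes a label key with no value and the header is not
      # forwarded to Portainer.
      - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User"
      - "traefik.frontend.auth.forward.trustForwardHeader=true"
      ## Allow automatic updates via Watchtower ##
      - "com.centurylinklabs.watchtower.enable=true"

networks:
  traefik_proxy:
    external: true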
Le container VPN (stack sous portainer) et quelques autres qui passent par le VPN :
version: "2"
services:
vpn:
image: qmcgaw/gluetun:latest
container_name: Gluetun
networks :
- VPN_Gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
labels:
com.centurylinklabs.watchtower.enable: true #MAJ auto via watchtower
ports:
- 8889:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
- 6595:6595 #Deemix
- 8998:17442 #YoutubeDL
- 8081:80 #Rutorrent
- 45000:45000 #Rutorrent Data
environment:
- TZ=Europe/Paris
- VPNSP=surfshark
- VPN_TYPE=openvpn
- SERVER_HOSTNAME=fr-bod.prod.surfshark.com
- PUID=1000
- PGID=100
- OPENVPN_USER=User_VPN
- OPENVPN_PASSWORD=Mdp_VPN
volumes:
- /sharedfolders/AppData/Gluetun:/gluetun
restart: unless-stopped
rutorrent:
network_mode: service:vpn
depends_on:
- vpn
image: linuxserver/rutorrent:latest
container_name: Rutorrent
volumes:
- /sharedfolders/SSD:/downloads
- /sharedfolders/AppData/Rutorrent:/config
- /sharedfolders/ZFS:/ZFS
labels:
com.centurylinklabs.watchtower.enable: true #MAJ auto via watchtower
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Paris
restart: unless-stopped
deemix:
network_mode: service:vpn
depends_on:
- vpn
image: registry.gitlab.com/bockiii/deemix-docker
container_name: Deemix
volumes:
- /sharedfolders/SSD:/downloads
- /sharedfolders/AppData/Deemix:/config
labels:
com.centurylinklabs.watchtower.enable: true #MAJ auto via watchtower
environment:
- PUID=1000
- PGID=100
- ARL=Mon_ID
- UMASK_SET=022
- DEEZUI=false
- TZ=Europe/Paris
restart: unless-stopped
Youtube_DL:
container_name: YoutubeDL
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Paris
- ALLOW_CONFIG_MUTATIONS=true
restart: unless-stopped
network_mode: service:vpn
depends_on:
- vpn
labels:
com.centurylinklabs.watchtower.enable: true #MAJ auto via watchtower
volumes:
- /sharedfolders/AppData/Youtube_DL:/app/appdata
- /sharedfolders/SSD/Youtube_DL:/app/audio
- /sharedfolders/SSD/Youtube_DL:/app/video
- /sharedfolders/AppData/Youtube_DL/subscriptions:/app/subscriptions
- /sharedfolders/AppData/Youtube_DL/users:/app/users
image: tzahi12345/youtubedl-material:latest
networks :
VPN_Gluetun :
external: true
Traefik pour la partie reverse proxy :
version: "3"
services:
Traefik:
container_name: Traefik
domainname: mondomaine.com
entrypoint:
- /traefik
environment:
- CF_API_EMAIL=monmail@mail.com
- CF_API_KEY=Mon_API_KEY
- PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
hostname: Traefik
image: traefik:v1.7.21
ipc: shareable
labels:
com.docker.compose.oneoff: False
com.docker.compose.project: traefik
com.docker.compose.project.config_files: docker-compose.yml
com.docker.compose.project.working_dir: /sharedfolders/AppData/Traefik
com.docker.compose.service: traefik
com.docker.compose.version: 1.25.4
org.opencontainers.image.description: 'A modern reverse-proxy'
org.opencontainers.image.documentation: https://docs.traefik.io
org.opencontainers.image.title: Traefik
org.opencontainers.image.url: https://traefik.io
org.opencontainers.image.vendor: Containous
org.opencontainers.image.version: v1.7.21
traefik.backend: traefik
traefik.docker.network: traefik_proxy
traefik.enable: true
traefik.frontend.auth.forward.address: http://oauth:4181
'traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User': ""
traefik.frontend.auth.forward.trustForwardHeader: true
traefik.frontend.headers.SSLHost: mondomaine.com
traefik.frontend.headers.SSLRedirect: true
traefik.frontend.headers.STSIncludeSubdomains: true
traefik.frontend.headers.STSPreload: true
traefik.frontend.headers.STSSeconds: 315360000
traefik.frontend.headers.browserXSSFilter: true
traefik.frontend.headers.contentTypeNosniff: true
'traefik.frontend.headers.customFrameOptionsValue: allow-from https:modom.com': ""
traefik.frontend.headers.forceSTSHeader: true
traefik.frontend.rule: Host:mondomaine.com
traefik.port: 8080
logging:
driver: json-file
options: {}
networks:
- traefik_proxy
ports:
- 8443:443/tcp
- 88:80/tcp
- 8888:8080/tcp
restart: unless-stopped
volumes:
- /sharedfolders/AppData/Traefik/services.toml:/etc/traefik/services.toml:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
- /sharedfolders/AppData/Traefik/traefik.toml:/etc/traefik/traefik.toml:rw
- /sharedfolders/AppData/Traefik/acme.json:/etc/traefik/acme.json:rw
networks:
traefik_proxy:
external: true
OAuth pour faire une authentification 2FA chez Google :
version: "3"
services:
oauth:
container_name: oauth
entrypoint:
- ./traefik-forward-auth
environment:
- PROVIDERS_GOOGLE_CLIENT_ID=Is_Account
- PROVIDERS_GOOGLE_CLIENT_SECRET=Google_Secret
- SECRET=MonSecret
- COOKIE_DOMAIN=mondomaine.com
- INSECURE_COOKIE=false
- AUTH_HOST=oauth.mondomaine.com
- URL_PATH=/_oauth
- WHITELIST=monmail@mail.com
- LOG_LEVEL=info
- LIFETIME=2592000
- TZ=Europe/Paris
- PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
hostname: oauth
image: thomseddon/traefik-forward-auth
ipc: shareable
labels:
com.docker.compose.container-number: 1
com.docker.compose.oneoff: False
com.docker.compose.project: oauth
com.docker.compose.project.config_files: docker-compose.yml
com.docker.compose.project.working_dir: /sharedfolders/AppData/OAuth
com.docker.compose.service: oauth
com.docker.compose.version: 1.25.4
traefik.backend: oauth
traefik.docker.network: traefik_proxy
traefik.enable: true
traefik.frontend.auth.forward.address: http://oauth:4181
traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User
traefik.frontend.auth.forward.trustForwardHeader: true
traefik.frontend.headers.SSLForceHost: true
traefik.frontend.headers.SSLHost: oauth.mondomaine.com
traefik.frontend.headers.SSLRedirect: true
traefik.frontend.headers.STSIncludeSubdomains: true
traefik.frontend.headers.STSPreload: true
traefik.frontend.headers.STSSeconds: 315360000
traefik.frontend.headers.browserXSSFilter: true
traefik.frontend.headers.contentTypeNosniff: true
traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
traefik.frontend.headers.forceSTSHeader: true
traefik.frontend.headers.frameDeny: true
traefik.frontend.passHostHeader: true
traefik.frontend.rule: Host:oauth.mondomaine.com
traefik.port: 4181
logging:
driver: json-file
options: {}
networks:
- traefik_proxy
restart: unless-stopped
networks:
traefik_proxy:
external: true
C’est sans doute loin d’être parfait car je débute dans la partie container, mais cela fonctionne pour le moment.
J’ai également un container AdGuardHome, TeamSpeak, BitwardenRS et Watchtower pour les MAJ auto des containers.