put rspamd web behind traefik, and hide it on local port. fixed up poor username/password combo for influxdb, added localtime to a few containers that did not have it, created a new web server that handles php covering my local needs to serve the landing page / images & mythweb

docker-compose.yml

@@ -224,9 +224,14 @@ services:
       - "465:465"
       - "587:587"
       - "993:993"
-      - "11334:11334"
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "traefik.enable=true"
+      - "traefik.http.routers.mail.rule=PathPrefix(`/rspamd/`)"
+      - "traefik.http.middlewares.stripprefix-mail.stripprefix.prefixes=/rspamd"
+      - "traefik.http.routers.mail.middlewares=stripprefix-mail@docker"
+      - "traefik.http.services.mail.loadbalancer.server.port=11334"
+      - "traefik.http.routers.mail.entrypoints=web"
     depends_on:
       - pihole
       - openldap
@@ -445,6 +450,7 @@ services:
       - /srv/docker/container/mosquitto:/mosquitto
       - /srv/docker/container/mosquitto/data:/mosquitto/data
       - /srv/docker/container/mosquitto/log:/mosquitto/log
+      - /etc/localtime:/etc/localtime:ro
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
     ports:
@@ -500,9 +506,8 @@ services:
       - "8086:8086"
     environment:
       - DOCKER_INFLUXDB_INIT_MODE=setup
-      - DOCKER_INFLUXDB_INIT_USERNAME=telegraf_user
-      - DOCKER_INFLUXDB_INIT_PASSWORD=my-password
       - DOCKER_INFLUXDB_INIT_ORG=mara
+      - DOCKER_INFLUXDB_INIT_USERNAME=telegraf
       - DOCKER_INFLUXDB_INIT_BUCKET=telegraf
       - DOCKER_INFLUXDB_INIT_RETENTION=2w
       - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=3qBckkybwMWoyZ16dqVD9gufoYYLwKkX_i296J30wekVpwxuCQe8p
@@ -511,6 +516,7 @@ services:
     volumes:
       - /srv/docker/container/influxdb/data:/var/lib/influxdb2
       - /srv/docker/container/influxdb/config:/etc/influxdb2
+      - /etc/localtime:/etc/localtime:ro
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
     restart: always
@@ -651,8 +657,8 @@ services:
     ports:
       - '5001:5000'
     volumes:
-      - /etc/localtime:/etc/localtime:ro
       - /home/ddp/src/pybook/:/pybook_mapped_volume
+      - /etc/localtime:/etc/localtime:ro
     labels:
       - "com.centurylinklabs.watchtower.enable=false"
 
@@ -760,24 +766,24 @@ services:
       - "traefik.tcp.routers.tix-tcp.entrypoints=secureweb"
 
   vaultwarden:
-    container_name: bitwarden
+    container_name: vaultwarden
     restart: always
     image: vaultwarden/server
     depends_on:
       - pihole
       - openldap
     volumes:
-      - /srv/docker/container/bitwarden_rs/data:/data
+      - /srv/docker/container/vaultwarden:/data
       - /etc/localtime:/etc/localtime:ro
     environment:
       - "ORG_EVENTS_ENABLED=true"
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
       - "traefik.enable=true"
-      - "traefik.http.routers.bitwarden_rs.rule=Host(`bw.depaoli.id.au`)"
+      - "traefik.http.routers.vaultwarden.rule=Host(`bw.depaoli.id.au`)"
-      - "traefik.http.routers.bitwarden_rs.tls=true"
+      - "traefik.http.routers.vaultwarden.tls=true"
-      - "traefik.http.routers.bitwarden_rs.tls.options=tls12@file"
+      - "traefik.http.routers.vaultwarden.tls.options=tls12@file"
-      - "traefik.http.routers.bitwarden_rs.entrypoints=secureweb"
+      - "traefik.http.routers.vaultwarden.entrypoints=secureweb"
 
   # auto-update docker images
   watchtower:
@@ -933,8 +939,9 @@ services:
     volumes:
       - /srv/docker/container/kuma:/app/data
       - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /etc/localtime:/etc/localtime:ro
     ports:
-      - 3001:3001  # <Host Port>:<Container Port>
+      - 3001:3001  # leave these in case mon.depaoli.id.au is inaccessible
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
       - "traefik.enable=true"
@@ -980,6 +987,7 @@ services:
       - /srv/docker/container/mythtv/db/data:/var/lib/mysql
       - /srv/docker/container/mythtv/db/log:/var/log/mysql
       - /srv/docker/container/mythtv/db/mythtv.cnf:/etc/mysql/conf.d/mythtv.cnf
+      - /etc/localtime:/etc/localtime:ro
 
   # hacked entrypoint to 'add' to this container so it works as mara needs
   myth:
@@ -999,12 +1007,17 @@ services:
       DBNAME: mythconverg
       # needs to be ip not container name as the host network_mode and DNS dont work together
       # test this as mythdb and remove network_mode host when I can
-      DBSERVER: 192.168.0.2
+      DBSERVER: mythdb
       LANG: en_US.UTF-8
       LANGUAGE: en_US.UTF-8
       LOCALHOSTNAME: mara
       TZ: Australia/Melbourne
-    network_mode: host
+#    network_mode: host
+    ports:
+      - "6543:6543"
+      - "6544:6544"
+      - "6549:6549"
+      - "6744:6744"
     entrypoint: >
       /bin/bash -c "
         /root/mara-init/fix_uids.sh
@@ -1046,6 +1059,7 @@ services:
         - /srv/docker/config/secrets/wiki
     volumes:
       - /srv/docker/container/wiki:/config
+      - /etc/localtime:/etc/localtime:ro
     restart: unless-stopped
     depends_on:
       - wikidb
@@ -1068,6 +1082,22 @@ services:
     volumes:
       - /srv/docker/container/wikidb/config:/config
       - /srv/docker/container/wikidb/data:/var/lib/mysql
+      - /etc/localtime:/etc/localtime:ro
     restart: unless-stopped
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+
+  web:
+    image: php:apache
+    container_name: web
+    volumes:
+      - /srv/docker/container/web/data:/var/www/html
+      - /srv/docker/container/web/mara-init:/root/mara-init
+      - /etc/localtime:/etc/localtime:ro
+    restart: unless-stopped
+    entrypoint: "/root/mara-init/entrypoint-wrapper.sh"
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+      - "traefik.enable=true"
+      - "traefik.http.routers.web.rule=Host(`mara.ddp.net`) && ( Path(`/`) || PathPrefix(`/images` ) || PathPrefix(`/mythweb`) )"
+      - "traefik.http.routers.web.entrypoints=web"