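---
# docker-compose stack: traefik front-end, media services, mail + LDAP.
#
# Secrets: the LDAP admin password is no longer written into this file.
# It is read from the LDAP_ADMIN_PASSWORD variable (put it in a .env file
# next to this compose file and keep that file out of version control).
# The mail container's LDAP bind, saslauthd and the openldap container all
# need the same value, so a single variable keeps the three in sync and
# compose refuses to start (`:?`) if it is missing.
version: '2.1'

services:
  traefik:
    container_name: traefik
    # NOTE(review): untagged image -- pinning a major version tag would stop a
    # pull from silently switching to an incompatible traefik release.
    image: "traefik"
    restart: unless-stopped
    # Host networking: Docker discards the `ports:` mappings below in this
    # mode; they are kept only to document the host ports traefik listens on.
    network_mode: host
    depends_on:
      - portainer
      - nzbget
      - radarr
      - sonarr
    command:
      - "--log.level=DEBUG"
      # NOTE(review): api.insecure serves the dashboard/API on :8080 with no
      # authentication, and with host networking it is reachable from the LAN.
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers carrying traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.useBindPortIP=true"
      - "--providers.file=true"
      - "--providers.file.directory=/configuration/"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.secureweb.address=:443"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      # read-only socket: traefik only needs to watch container events
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/home/ddp/docker/traefik/:/configuration"
      - "/home/ddp/docker/letsencrypt/etc/:/letsencrypt"
    # NOTE(review): with exposedbydefault=false these labels are only read
    # if this container also has traefik.enable=true -- confirm the mythweb
    # router is actually being created.
    labels:
      - "traefik.http.routers.myth.rule=PathPrefix(`/mythweb/`)"
      - "traefik.http.services.myth.loadbalancer.server.port=5678"
      - "traefik.http.routers.myth.entrypoints=web"

  portainer:
    container_name: portainer
    image: portainer/portainer
    restart: unless-stopped
    volumes:
      # read-write socket is required by portainer (it manages containers);
      # anyone who reaches its UI effectively has root on the host.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)"
      - "traefik.http.middlewares.stripprefix-portainer.stripprefix.prefixes=/portainer"
      - "traefik.http.routers.portainer.middlewares=stripprefix-portainer@docker"
      - "traefik.http.routers.portainer.entrypoints=web"

  plex:
    container_name: plex
    image: plexinc/pms-docker
    restart: unless-stopped
    environment:
      - TZ=Australia/Melbourne
      - PLEX_CLAIM=
      - PLEX_UID=500
      - PLEX_GID=500
    hostname: plex_dp
    volumes:
      - /myth/opt/plex/config:/config
      - /myth/opt/plex/transcode:/transcode
      - /myth/opt/storage:/data
    devices:
      - /dev/dvb:/dev/dvb
    ports:
      - "32400:32400"
      # 1900/udp is published by emby below
      # - "1900:1900"
      - "3005:3005"
      - "5353:5353"
      - "8324:8324"
      - "32410:32410"
      - "32412:32412"
      - "32413:32413"
      - "32414:32414"
      - "32469:32469"

  nzbget:
    image: linuxserver/nzbget
    container_name: nzbget
    volumes:
      - /myth/opt/nzbget/config:/config
      - /myth/opt/nzbget/downloads:/downloads
    restart: unless-stopped
    environment:
      - PUID=500
      - PGID=500
      - TZ=Australia/Melbourne
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nzbget.rule=PathPrefix(`/nzbget/`)"
      - "traefik.http.middlewares.stripprefix-nzbget.stripprefix.prefixes=/nzbget"
      - "traefik.http.routers.nzbget.middlewares=stripprefix-nzbget@docker"
      - "traefik.http.routers.nzbget.entrypoints=web"

  sonarr:
    container_name: sonarr
    image: linuxserver/sonarr
    restart: unless-stopped
    environment:
      - TZ=Australia/Melbourne
      - PUID=500
      - PGID=500
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.depaoli.id.au`)"
      - "traefik.http.routers.sonarr.tls=true"
      - "traefik.http.routers.sonarr.entrypoints=secureweb"
    volumes:
      - /myth/opt/sonarr/config:/config
      - /myth/opt/storage/series:/tv
      - /myth/opt/nzbget/downloads/:/downloads

  radarr:
    container_name: radarr
    image: linuxserver/radarr
    restart: unless-stopped
    environment:
      - TZ=Australia/Melbourne
      - PUID=500
      - PGID=500
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.radarr.rule=Host(`radarr.depaoli.id.au`)"
      - "traefik.http.routers.radarr.tls=true"
      - "traefik.http.routers.radarr.entrypoints=secureweb"
    volumes:
      - /myth/opt/radarr/config:/config
      - /myth/opt/storage/movies:/movies
      - /myth/opt/nzbget/downloads:/downloads

  emby:
    container_name: emby
    image: emby/embyserver
    restart: unless-stopped
    # Host networking: as for traefik, the `ports:` list below is ignored by
    # Docker and only documents what emby binds on the host.
    network_mode: host
    environment:
      - UID=500
      - GID=500
      # 44 is the video group, needed for nvidia driver support / transcoding
      - GIDLIST=44
      - TZ=Australia/Melbourne
    volumes:
      - /myth/opt/emby/config:/config
      - /myth/opt/emby/transcode:/transcode
      - /myth/opt/storage:/data
      - /myth/tv:/myth-recordings
    ports:
      - "8096:8096"
      - "8920:8920"
      - "7359:7359/udp"
      - "1900:1900/udp"
    # traefik routing for emby is currently disabled:
    # labels:
    #   - "traefik.enable=true"
    #   - "traefik.http.routers.emby.rule=Host(`emby.depaoli.id.au`)"
    #   - "traefik.http.services.emby.loadbalancer.server.port=8096"
    #   - "traefik.http.routers.emby.tls=true"
    #   - "traefik.http.routers.emby.entrypoints=secureweb"
    devices:
      - /dev/dri:/dev/dri

  mail:
    image: tvial/docker-mailserver:latest
    hostname: mail
    domainname: depaoli.id.au
    container_name: mail
    ports:
      - "25:25"
      - "465:465"
      - "993:993"
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - maillogs:/var/log/mail
      - ./config/:/tmp/docker-mailserver/
      - /home/ddp/docker/letsencrypt/etc:/etc/letsencrypt
    environment:
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_CLAMAV=0
      - ENABLE_FAIL2BAN=0
      - ENABLE_POSTGREY=0
      - SPOOF_PROTECTION=1
      - ONE_DIR=1
      - DMS_DEBUG=0
      - ENABLE_LDAP=1
      # LDAP container name / IP / server name; resolves over the plex-net
      # bridge. NOTE(review): LDAP_TLS_ENFORCE is "false" on the openldap side,
      # so this bind (and the admin password) crosses the bridge in plaintext.
      - LDAP_SERVER_HOST=openldap
      - LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
      - LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
      - LDAP_BIND_PW=${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in .env}
      - LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
      - LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
      - LDAP_QUERY_FILTER_ALIAS=(mailAlias=%s)
      - LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
      - DOVECOT_PASS_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
      - DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_MECHANISMS=ldap
      - SASLAUTHD_LDAP_SERVER=openldap
      - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
      - SASLAUTHD_LDAP_PASSWORD=${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in .env}
      - SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
      - SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
      - POSTMASTER_ADDRESS=postmaster@depaoli.id.au
      - POSTFIX_MESSAGE_SIZE_LIMIT=100000000
      - SSL_TYPE=letsencrypt
    # NOTE(review): NET_ADMIN is normally only needed by fail2ban, which is
    # disabled above (ENABLE_FAIL2BAN=0) -- check whether both caps are still
    # required before keeping them.
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE

  openldap:
    image: osixia/openldap:latest
    container_name: openldap
    # command: "--loglevel debug"
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "Depaoli home ldap"
      LDAP_DOMAIN: "depaoli.id.au"
      LDAP_BASE_DN: ""
      # same variable as the mail container's bind password (see file header)
      LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in .env}"
      # NOTE(review): the cn=config password is the literal "config" -- move it
      # to a variable as well if the 389/636 ports stay published.
      LDAP_CONFIG_PASSWORD: "config"
      LDAP_READONLY_USER: "false"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      # "false": plaintext binds on 389 are still accepted
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      LDAP_TLS_PROTOCOL_MIN: "3.1"
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    tty: true
    stdin_open: true
    volumes:
      - /home/ddp/docker/ldap/var/lib/ldap:/var/lib/ldap
      - /home/ddp/docker/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
      - /home/ddp/docker/ldap/container/service/slapd/assets/certs:/container/service/slapd/assets/certs
    # NOTE(review): both the plaintext (389) and TLS (636) ports are published
    # on the host; 389 is only needed by containers on plex-net.
    ports:
      - "389:389"
      - "636:636"

  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      # NOTE(review): plain HTTP on host port 38900 -- the LDAP admin login
      # goes over the wire unencrypted.
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "38900:80"
    depends_on:
      - openldap

  # webmail (server)
  isotope-server:
    image: marcnuri/isotope:server-latest
    container_name: isotope-server
    labels:
      - "traefik.enable=true"
      # NOTE(review): no Host() in this rule, so /api/ is matched on every
      # secureweb hostname (sonarr, radarr, webmail ...), not only webmail.
      - "traefik.http.routers.isotope-server.rule=PathPrefix(`/api/`)"
      - "traefik.http.middlewares.stripprefix-isotope-server.stripprefix.prefixes=/api"
      - "traefik.http.routers.isotope-server.middlewares=stripprefix-isotope-server@docker"
      - "traefik.http.routers.isotope-server.entrypoints=secureweb"
      - "traefik.http.routers.isotope-server.tls=true"

  # webmail (client)
  isotope-client:
    image: marcnuri/isotope:client-latest
    container_name: isotope-client
    labels:
      - "traefik.enable=true"
      # The Host() and PathPrefix() matchers were two separate `.rule` labels;
      # labels are a map, so the second one silently replaced the first and the
      # router matched PathPrefix(`/`) -- every request -- on every hostname.
      # Combined into a single rule so the Host() restriction applies.
      - "traefik.http.routers.isotope-client.rule=Host(`webmail.depaoli.id.au`) && PathPrefix(`/`)"
      - "traefik.http.routers.isotope-client.entrypoints=secureweb"
      - "traefik.http.routers.isotope-client.tls=true"

# Override the default network to use the user-created "plex-net".
# Only user-created networks provide DNS service discovery (e.g. containers
# reach each other by name: "nzbget" resolves to that container's internal IP
# on the bridged plex-net).
# This only worked once the host (mara) had a routable DNS server in
# /etc/resolv.conf -- it used to be a 127.0.0.0/24 address, which is not
# reachable from inside a docker network, so it was rewritten to resolve off
# 8.8.8.8 and there was no service discovery :(
networks:
  default:
    external:
      name: plex-net

volumes:
  portainer_data:
  maildata:
    driver: local
  mailstate:
    driver: local
  maillogs:
    driver: local

# letsencrypt:
#
# - on the modem, open port 80 towards the server that runs letsencrypt
# - stop anything else listening on port 80 on that server
#   mkdir -p ~/docker/letsencrypt
#   cd ~/docker/letsencrypt
#   sudo docker run --rm -ti -v $PWD/log/:/var/log/letsencrypt/ -v $PWD/etc/:/etc/letsencrypt/ -p 80:80 certbot/certbot certonly --standalone -d mail.depaoli.id.au
#
# to renew:
#   docker run --rm -ti -v $PWD/log/:/var/log/letsencrypt/ -v $PWD/etc/:/etc/letsencrypt/ -p 80:80 -p 443:443 certbot/certbot renew
#
# LDAP commands (run inside the openldap container, where LDAP_ADMIN_PASSWORD
# is set in the environment -- never paste the password on the command line):
#   sudo docker exec -it openldap bash
#   cd /container/service/slapd/assets/certs/ldifs/
# delete one:
#   ldapmodify -D "cn=admin,dc=depaoli,dc=id,dc=au" -w "$LDAP_ADMIN_PASSWORD" -H ldap:// -f del_users.ldif
# add one (also other files in the /container/service/slapd/assets/certs/ldifs dir):
#   ldapadd -D "cn=admin,dc=depaoli,dc=id,dc=au" -w "$LDAP_ADMIN_PASSWORD" -H ldap:// -f add_users.ldif
# make a new password hash:
#   mkpasswd --rounds 500000 -m sha-512 --salt `head -c 40 /dev/random | base64 | sed -e 's/+/./g' | cut -b 10-25` 'Try to break this one!'
#
# ldap postfix schema -- convert .schema to .ldif:
#   slap??? -f schema.conv -F /tmp
#   cp /tmp/*/{4}postfix* /container...
#   cp {4}postfix*.ldif /etc/ldap/schema/cn=config/cn=schema/
#
# TODO: try to move the setup below onto the letsencrypt certs in ~/docker
# environment:
#   - LDAP_TLS_CRT_FILENAME=live/host.domain.com/cert.pem
#   - LDAP_TLS_KEY_FILENAME=live/host.domain.com/privkey.pem
#   - LDAP_TLS_CA_CRT_FILENAME=live/host.domain.com/fullchain.pem
# volumes:
#   - /etc/letsencrypt:/container/service/slapd/assets/certs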