@allout58
Last active December 29, 2021 12:01
Example Traefik and Authelia integration
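# file: <compose-root>/docker-compose.yaml
# Traefik v2 as the TLS-terminating edge proxy, with Authelia as a forward-auth
# middleware in front of the dashboard and the proxied apps.
version: '3.7'

services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    labels:
      - 'traefik.enable=true'
      # Dashboard/API router. It is only reachable over HTTPS and only through
      # the authelia middleware; --api.insecure is deliberately not set.
      # TODO: Change the Domain
      - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
      - 'traefik.http.routers.api.entrypoints=https'
      - 'traefik.http.routers.api.service=api@internal'
      - 'traefik.http.routers.api.tls=true'
      - 'traefik.http.routers.api.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.api.middlewares=authelia@docker'
    command:
      - '--api'
      - '--providers.docker=true'
      # Containers are only published when they carry traefik.enable=true.
      - '--providers.docker.exposedByDefault=false'
      - '--providers.file=true'
      - '--providers.file.directory=/etc/traefik/dynamic'
      # Port 80 exists for the ACME HTTP challenge and to redirect to HTTPS.
      - '--entrypoints.http=true'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.http.http.redirections.entrypoint.to=https'
      - '--entrypoints.http.http.redirections.entrypoint.scheme=https'
      - '--entrypoints.http.http.redirections.entrypoint.priority=10'
      - '--entrypoints.https=true'
      - '--entrypoints.https.address=:443'
      # TODO: Replace the Email
      - '--certificatesResolvers.letsencrypt.acme.email=me@example.com'
      - '--certificatesResolvers.letsencrypt.acme.storage=/acme.json'
      - '--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http'
      # Enable the below line to create test certificates on the Let's Encrypt Staging Environment
      #- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - '--log=true'
      - '--log.level=INFO'
      - '--log.filepath=/var/log/traefik.log'
      - '--accesslog=true'
      #- '--accesslog.format=json'
      # All headers are kept in the access log, so redact the credential-bearing
      # ones: otherwise session cookies and bearer tokens end up in access.log
      # once a header-emitting format (such as the JSON one above) is enabled.
      - '--accesslog.fields.headers.defaultmode=keep'
      - '--accesslog.fields.headers.names.Authorization=redact'
      - '--accesslog.fields.headers.names.Cookie=redact'
      - '--accesslog.filepath=/var/log/access.log'
    environment:
      - TZ=America/New_York
    ports:
      # Quoted so the mappings are always read as strings, never as numbers.
      - '80:80'
      - '443:443'
    restart: always
    volumes:
      # Mounted read-only. That only protects the socket file itself: anything
      # that can talk to the Docker API through it can still control the daemon,
      # so treat this container as host-privileged. A socket proxy that exposes
      # only the read endpoints Traefik needs reduces that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # If a bind-mount source does not exist on the host, Docker creates it as
      # a directory, not a file. `touch` each of the files below before starting
      # this container, and `chmod 600 ./traefik/acme.json`: it holds the ACME
      # account key and certificate private keys, and Traefik rejects the file
      # when its permissions are more open than that.
      - ./traefik/acme.json:/acme.json
      - ./traefik/traefik.log:/var/log/traefik.log
      - ./traefik/access.log:/var/log/access.log
      - ./traefik/config:/etc/traefik/dynamic
    networks:
      - proxy_network

  authelia:
    # NOTE(review): no tag, so this resolves to `latest`. Pin a release (or a
    # digest) you have tested; an untagged pull can bring in a version whose
    # configuration format or verify endpoint differs from what this file assumes.
    image: authelia/authelia
    container_name: authelia
    volumes:
      # Follow the Authelia install instructions
      - ./authelia/authelia:/var/lib/authelia
      - ./authelia/configuration.yml:/etc/authelia/configuration.yml:ro
      # Mounted writable, unlike configuration.yml. Presumably this is Authelia's
      # file-based user store (password hashes); keep host permissions tight.
      - ./authelia/users_database.yml:/etc/authelia/users_database.yml
    networks:
      - proxy_network
    labels:
      - 'traefik.enable=true'
      # TODO: Change the domain
      - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)'
      - 'traefik.http.routers.authelia.entrypoints=https'
      - 'traefik.http.routers.authelia.tls=true'
      - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
      # Defines the `authelia@docker` middleware the other routers reference.
      # The verify call is plain HTTP, but stays on the internal Docker network.
      # TODO: Change the domain at the end
      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com'
      # Existing X-Forwarded-* headers are passed on to Authelia as-is. That is
      # only sound while Traefik is the first hop and its entrypoints do not
      # accept forwarded headers from arbitrary clients - verify before
      # placing another proxy or load balancer in front.
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
    expose:
      - '9091'
    restart: unless-stopped
    environment:
      - TZ=America/New_York

  # Used by authelia
  redis:
    # NOTE(review): no password is configured here, and Redis shares
    # proxy_network with every proxied app, so any container on that network can
    # reach port 6379. Consider a dedicated network shared only
    # with authelia and/or `requirepass`.
    image: redis:alpine
    container_name: redis
    volumes:
      - ./redis:/data
    networks:
      - proxy_network
    expose:
      - '6379'
    restart: unless-stopped
    environment:
      - TZ=America/New_York

  heimdall:
    image: linuxserver/heimdall
    container_name: heimdall
    volumes:
      - ./heimdal-config:/config
    labels:
      - 'traefik.enable=true'
      # TODO: Replace the domain
      - 'traefik.http.routers.heimdall.rule=Host(`services.example.com`)'
      - 'traefik.http.routers.heimdall.entrypoints=https'
      - 'traefik.http.routers.heimdall.tls=true'
      - 'traefik.http.routers.heimdall.tls.certresolver=letsencrypt'
      # Every request to this router must pass Authelia first.
      - 'traefik.http.routers.heimdall.middlewares=authelia@docker'
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
    expose:
      - '80'
    restart: unless-stopped
    networks:
      - proxy_network

  speedtest:
    image: adolfintel/speedtest
    container_name: speedtest
    environment:
      - TZ=America/New_York
      - DISTANCE=mi
    labels:
      - 'traefik.enable=true'
      # TODO: Replace the domain
      - 'traefik.http.routers.speed.rule=Host(`speed.example.com`)'
      - 'traefik.http.routers.speed.entrypoints=https'
      - 'traefik.http.routers.speed.tls=true'
      - 'traefik.http.routers.speed.tls.certresolver=letsencrypt'
      # Every request to this router must pass Authelia first.
      - 'traefik.http.routers.speed.middlewares=authelia@docker'
    expose:
      - '80'
    restart: unless-stopped
    networks:
      - proxy_network

networks:
  # Single shared network; only traefik publishes ports to the host.
  proxy_network: {}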
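# file: <compose-root>/traefik/config/hass.yaml
########
# Add a non-Docker endpoint to Traefik (in this case, Home Assistant over a VPN IP)
########
# Picked up by Traefik's file provider from the directory configured with
# --providers.file.directory.
http:
  routers:
    hass:
      # TODO: Replace the domain
      rule: 'Host(`hass.example.com`)'
      # Pinned to the HTTPS entrypoint, matching the label-defined routers.
      entryPoints:
        - https
      service: hass-vpn
      # NOTE(review): unlike the Docker-label routers, this one has no
      # forward-auth middleware, so the backend is reachable from the internet
      # with only its own login in front of it. If that is not intended,
      # enable the lines below.
      # middlewares:
      #   - authelia@docker
      tls:
        certResolver: letsencrypt
  services:
    hass-vpn:
      loadBalancer:
        servers:
          # Traefik-to-backend traffic is plain HTTP; confidentiality on this
          # hop relies entirely on the VPN the hostname resolves into.
          - url: http://hass.vpn.example.com:8123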
jhollowe commented May 2, 2020

file-docker-compose-yaml#L139 needs a "k" at the end
