AdminTools

Portainer

Docker container management

All containers are in docker compose, but this is a good overview screen

 

  # Portainer CE: web UI for managing the Docker engine on this host,
  # published through Traefik as docker.kevinsloan.net.
  portainer:
    # NOTE(review): ":latest" is a floating tag; pin a version (or digest) so
    # the image that runs is one that was reviewed.
    image: portainer/portainer-ce:latest
    container_name: "portainer"
    volumes:
      # NOTE(review): the Docker socket gives this container full control of
      # the Docker daemon, which is effectively root on the host. Portainer
      # needs it, so the web UI has to be treated as a host-admin interface.
      - /var/run/docker.sock:/var/run/docker.sock
      # Persistent /data directory for the container, kept on the host share.
      - /mnt/user/Share/Docker/portainer:/data
    restart: always
    # "links" is a legacy Compose option; this service and traefik are both
    # attached to the "web" network already.
    links:
      - traefik
    networks:
      web:
        # Fixed address on the "web" network.
        ipv4_address: 172.18.0.253
    labels:
      - "traefik.enable=true"
      # Router on the "web" entrypoint for the same hostname.
      - "traefik.http.routers.portainer-web.rule=Host(`docker.kevinsloan.net`)"
      - "traefik.http.routers.portainer-web.entrypoints=web"
      # Router on the "web-secured" entrypoint, certificates from the
      # "mytlschallenge" resolver.
      # NOTE(review): no middleware is attached, so Portainer's own login is
      # the only gate in front of a UI that holds the Docker socket. If this
      # hostname is reachable from the internet, consider an IP allow-list or
      # authentication middleware on this router.
      - "traefik.http.routers.portainer-secured.rule=Host(`docker.kevinsloan.net`)"
      - "traefik.http.routers.portainer-secured.entrypoints=web-secured"
      - "traefik.http.routers.portainer-secured.tls.certresolver=mytlschallenge"
      # Container port Traefik forwards requests to.
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"

Traefik

Traefik used for ingress and cert management

# Traefik v3 reverse proxy: listens on ports 80 and 443 for the other
# services and obtains certificates through the "mytlschallenge" ACME resolver.
traefik:
    image: traefik:v3
    restart: always
    container_name: traefik
    ports:
      - "80:80" # <== http
      #- "8080:8080" # <== :8080 is where the dashboard runs on
      - "443:443" # <== https
    command:
      #### These are the CLI commands that will configure Traefik and tell it how to work! ####
      ## API Settings - https://docs.traefik.io/operations/api/, endpoints - https://docs.traefik.io/operations/api/#endpoints ##
      # --api=true turns the API on; it is not "insecure" mode (that would be
      # --api.insecure=true, which is not set here). The API is reached through
      # the api@internal router defined in the labels at the end of this service.
      - --api=true # <== Enabling the API
      - --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc...
      # NOTE(review): debug/profiling endpoints are served alongside the API.
      # The router that publishes api@internal below has no auth middleware, so
      # anyone who can reach that hostname can reach these too. Turn this off
      # unless it is actively needed.
      - --api.debug=true # <== Enabling additional endpoints for debugging and profiling
      # NOTE(review): disables certificate verification for every HTTPS backend
      # Traefik connects to. If only specific backends use private or
      # self-signed certificates, trusting their CA (serversTransport.rootCAs)
      # is the narrower setting.
      - --serverstransport.insecureskipverify=true
      - --log.level=INFO
      #- --log.filepath=/var/logs/traefik.log
      # No accesslog.filepath is set (it is commented out below), so the access
      # log is not written under /var/logs.
      - --accesslog=true
      #- --accesslog.filepath=/var/logs/traefik-access.log

      ## Log Settings (options: ERROR, DEBUG, PANIC, FATAL, WARN, INFO) - https://docs.traefik.io/observability/logs/ ##
      #- --log.level=DEBUG # <== Setting the level of the logs from traefik

      ## Provider Settings - https://docs.traefik.io/providers/docker/#provider-configuration ##
      - --providers.docker=true # <== Enabling docker as the provider for traefik
      - --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik, only expose enabled ones
      # NOTE(review): the Traefik docs describe the file provider's "filename"
      # and "directory" options as mutually exclusive. Confirm which of the two
      # lines below actually takes effect and remove the other, otherwise
      # either /dynamic.yml or the files under /rules may be silently ignored.
      - --providers.file.filename=/dynamic.yml # <== Referring to a dynamic configuration file
      - --providers.file.directory=/rules
      - --providers.docker.network=web # <== Operate on the docker network named web

      ## Entrypoints Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
      - --entrypoints.web.address=:80 # <== Defining an entrypoint for port :80 named web
      - --entrypoints.web-secured.address=:443 # <== Defining an entrypoint for https on port :443 named web-secured
      # Entrypoint-level redirect: requests arriving on "web" are sent to
      # "web-secured" with the https scheme.
      - --entrypoints.web.http.redirections.entrypoint.to=web-secured
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.web-secured.asDefault=true
      # Default certificate resolver for routers on the web-secured entrypoint.
      - --entrypoints.web-secured.http.tls.certResolver=mytlschallenge

      ## Certificate Settings (Let's Encrypt) -  https://docs.traefik.io/https/acme/#configuration-examples ##
      # NOTE(review): an HTTP-01 challenge (next line) and a TLS-ALPN-01
      # challenge (line after) are both configured on the same resolver;
      # confirm which one Traefik actually uses and drop the other.
      - --certificatesResolvers.mytlschallenge.acme.httpChallenge.entryPoint=web
      - --certificatesresolvers.mytlschallenge.acme.tlschallenge=true # <== Enable TLS-ALPN-01 to generate and renew ACME certs
      - --certificatesresolvers.mytlschallenge.acme.email=kevin@kevinsloan.net # <== Setting email for certs
      - --certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json # <== Defining acme file to store cert information

    volumes:
      # NOTE(review): acme.json under ./.letsencrypt holds the ACME account key
      # and certificate private keys. If the compose directory is backed up to
      # a git repository, keep this directory out of it, and keep the file
      # readable only by its owner.
      - ./.letsencrypt:/letsencrypt # <== Volume for certs (TLS)
      # NOTE(review): the proxy listening on the published ports also holds the
      # Docker socket, which is effectively root on the host. The Docker
      # provider only needs to read container metadata; a socket proxy that
      # exposes only read-only API endpoints narrows what a Traefik compromise
      # can reach.
      - /var/run/docker.sock:/var/run/docker.sock # <== Volume for docker admin
      - ./dynamic.yml:/dynamic.yml # <== Volume for dynamic conf file, read by --providers.file.filename above
      # Per-host rule files, read by --providers.file.directory above.
      - ./rules:/rules
      # Only written to if the commented-out log.filepath / accesslog.filepath
      # options above are enabled.
      - /mnt/user/Share/Docker/Traefik/logs:/var/logs

    networks:
      ## Placing traefik on the network named web, to access containers on this network
      web:
        ipv4_address: 172.18.0.2

    labels:
      #### Labels define the behavior and rules of the traefik proxy for this container ####
      # NOTE(review): the traefik-secured router publishes api@internal (the
      # dashboard and API, plus the debug endpoints enabled above) with no
      # middleware attached, i.e. without authentication. Attach an
      # authentication or IP allow-list middleware, for example
      #   traefik.http.routers.traefik-secured.middlewares=<AUTH_MIDDLEWARE_NAME>
      # with the middleware itself defined separately.
      - traefik.enable=true # <== Enable traefik on itself to view dashboard and assign subdomain to view it
      - traefik.http.routers.traefik-web.rule=Host(`traefik.kevinsloan.net`) # <== Setting the domain for the dashboard
      - traefik.http.routers.traefik-web.entrypoints=web
      - traefik.http.routers.traefik-secured.rule=Host(`traefik.kevinsloan.net`)
      - traefik.http.routers.traefik-secured.entrypoints=web-secured
      - traefik.http.routers.traefik-secured.service=api@internal # <== Enabling the api to be a service to access

 

The rules directory holds custom routes (Traefik routers and services), one file per app

aoo-hassio.toml

# Routes homeassist.kevinsloan.net on the "web-secured" entrypoint to a
# backend addressed by IP rather than by Docker labels.
[http.routers]
  [http.routers.hassio-rtr]
      entryPoints = ["web-secured"]
      rule = "Host(`homeassist.kevinsloan.net`)"
      service = "hassio-svc"
      # Certificates come from the "mytlschallenge" resolver.
      [http.routers.hassio-rtr.tls]
        certresolver = "mytlschallenge"

[http.services]
  [http.services.hassio-svc]
    [http.services.hassio-svc.loadBalancer]
      # Forward the client's Host header to the backend unchanged.
      passHostHeader = true
      [[http.services.hassio-svc.loadBalancer.servers]]
        # NOTE(review): the hop from Traefik to this backend is plain HTTP, and
        # the router has no middleware, so the backend's own login is the only
        # access control. Confirm that is intended for this hostname.
        url = "http://192.168.123.108:8123" # or whatever your external host's IP:port is

app-kuma.toml

# Routes kuma-uptime.kevinsloan.net on the "web-secured" entrypoint to a
# backend addressed by IP rather than by Docker labels.
[http.routers]
  [http.routers.kuma-rtr]
      entryPoints = ["web-secured"]
      rule = "Host(`kuma-uptime.kevinsloan.net`)"
      service = "kuma-svc"
      # Certificates come from the "mytlschallenge" resolver.
      [http.routers.kuma-rtr.tls]
        certresolver = "mytlschallenge"

[http.services]
  [http.services.kuma-svc]
    [http.services.kuma-svc.loadBalancer]
      [[http.services.kuma-svc.loadBalancer.servers]]
        # NOTE(review): plain HTTP between Traefik and the backend, and no
        # middleware on the router; the backend's own login is the only access
        # control on this hostname.
        url = "http://192.168.123.101:80" # or whatever your external host's IP:port is

app-pihole.toml

# Routes pihole.kevinsloan.net on the "web-secured" entrypoint to a backend
# addressed by IP rather than by Docker labels.
[http.routers]
  [http.routers.pihole-rtr]
      entryPoints = ["web-secured"]
      rule = "Host(`pihole.kevinsloan.net`)"
      service = "pihole-svc"
      # Certificates come from the "mytlschallenge" resolver.
      [http.routers.pihole-rtr.tls]
        certresolver = "mytlschallenge"

[http.services]
  [http.services.pihole-svc]
    [http.services.pihole-svc.loadBalancer]
      [[http.services.pihole-svc.loadBalancer.servers]]
        # NOTE(review): presumably the Pi-hole admin interface. It controls DNS
        # for the network, the router has no middleware, and the hop to the
        # backend is plain HTTP; consider limiting this hostname to internal
        # clients.
        url = "http://192.168.123.107:80" # or whatever your external host's IP:port is

 

MySql

mysql db server used for other apps

  # Shared MySQL 8.0 server used by the other apps in this file.
  mysql:
    image: mysql:8.0
    container_name: "mysql"
    restart: "always"
    ports:
      # NOTE(review): this publishes the database on every host interface.
      # Services in this file reach it by the name "mysql" over the "web"
      # network and do not need the published port. If nothing outside Docker
      # connects, remove the mapping or bind it to loopback
      # ("127.0.0.1:3306:3306").
      - "3306:3306"
    volumes:
      - /mnt/user/Share/Docker/Webhost/mysql/data:/var/lib/mysql
      - /mnt/user/Share/Docker/Webhost/mysql/logs:/var/log/mysql
      # NOTE(review): another app's config directory mounted into the database
      # container; looks like a leftover from a one-off import. Remove it if it
      # is no longer needed.
      - /mnt/user/Share/Docker/ombi/config:/tempombi/config
    environment:
      # NOTE(review): the root account and the application account share one
      # secret (${PASSWORD}), and the same variable is passed to other services
      # in this file. One leaked app password is then also the database root
      # password. Use a separate variable for root and, ideally, one per app.
      MYSQL_ROOT_PASSWORD: ${PASSWORD}
      MYSQL_DATABASE: website
      MYSQL_USER: ${USERNAME}
      MYSQL_PASSWORD: ${PASSWORD}
    networks:
      web:
        # Fixed address on the "web" network.
        ipv4_address: 172.18.0.13

Guacamole

GuacD

Guacamole Daemon used for VNC, RDP, and SSH remotely

# Guacamole proxy daemon. No ports are published and no Traefik labels are
# set, so it is reachable only from containers on the "web" network.
guacd:
    # NOTE(review): no tag given, so this resolves to "latest"; pin a version.
    image: guacamole/guacd
    container_name: "guacd"
    restart: always
    networks:
      web:
        # Fixed address on the "web" network.
        ipv4_address: 172.18.0.3

Guacamole

Apache Guacamole, used for remote VNC, RDP, and SSH access; requires GuacD

# Guacamole web application, published through Traefik as guac.kevinsloan.net.
# NOTE(review): this is a remote-access gateway (VNC/RDP/SSH per the page), so
# its login protects every machine configured behind it. Consider enabling
# multi-factor authentication in Guacamole or an extra auth middleware on the
# router.
guacamole:
    # NOTE(review): no tag given, so this resolves to "latest"; pin a version.
    image: guacamole/guacamole
    container_name: "guacamole"
    restart: always
    networks:
      web:
        # Fixed address on the "web" network.
        ipv4_address: 172.18.0.4
    # "links" is a legacy Compose option; the services share the "web" network.
    links:
      - guacd
      - traefik
    environment:
      - GUACD_HOSTNAME=guacd
      - MYSQL_HOSTNAME=mysql
      - MYSQL_DATABASE=guacamole_db
      # NOTE(review): same ${USERNAME}/${PASSWORD} pair as the mysql service,
      # where ${PASSWORD} is also the root password. Give this app its own
      # database account.
      - MYSQL_USER=${USERNAME}
      - MYSQL_PASSWORD=${PASSWORD}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.guac-web.rule=Host(`guac.kevinsloan.net`)"
      - "traefik.http.routers.guac-web.entrypoints=web"
      # Middleware that prepends /guacamole to the request path; it is attached
      # to the guac-secured router only.
      - "traefik.http.middlewares.add-guacamole.addprefix.prefix=/guacamole"
      - "traefik.http.routers.guac-secured.middlewares=add-guacamole"
      - "traefik.http.routers.guac-secured.rule=Host(`guac.kevinsloan.net`)"
      - "traefik.http.routers.guac-secured.entrypoints=web-secured"

Duplicati

Duplicati used for backups

Backing up both locally and to google drive all app configs

docker compose backup handled by github

  # Duplicati backup service, published through Traefik as
  # backup.kevinsloan.net.
  duplicati:
    # NOTE(review): no tag given, so this resolves to "latest"; pin a version.
    image: linuxserver/duplicati
    container_name: duplicati
    environment:
      # User and group IDs passed to the container.
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
    volumes:
      - /mnt/user/Share/Docker/duplicati/config:/config
      # Backup destination.
      - /mnt/user/FTP/backups:/backups
      # NOTE(review): the backup source is the whole Docker share, i.e. every
      # app's config directory, mounted read-write. If restores are not done
      # through this container, mount it read-only (":ro") so a compromise of
      # the web UI cannot modify the other apps' configuration.
      - /mnt/user/Share/Docker:/source
    restart: unless-stopped
    # "links" is a legacy Compose option; the services share the "web" network.
    links:
      - traefik
    networks:
      web:
        # Fixed address on the "web" network.
        ipv4_address: 172.18.0.254
    labels:
      # NOTE(review): the routers below have no middleware, so the UI's own
      # password is the only gate in front of all backed-up data. Confirm a UI
      # password is set, and consider restricting this hostname to internal
      # clients.
      - "traefik.enable=true"
      - "traefik.http.routers.duplicati-web.rule=Host(`backup.kevinsloan.net`)"
      - "traefik.http.routers.duplicati-web.entrypoints=web"
      - "traefik.http.routers.duplicati-secured.rule=Host(`backup.kevinsloan.net`)"
      - "traefik.http.routers.duplicati-secured.entrypoints=web-secured"

Visual Studio Code

Web version of VSCode

  # Browser-based VS Code (code-server), published through Traefik as
  # vscode.kevinsloan.net.
  vscode:
    # NOTE(review): ":latest" is a floating tag; pin a version.
    image: ksloan90/code-server:latest
    container_name: vscode
    restart: unless-stopped
    # "links" is a legacy Compose option; the services share the "web" network.
    links:
      - traefik
    networks:
      web:
        # Fixed address on the "web" network.
        ipv4_address: 172.18.0.20
    environment:
      - PUID=1000
      # NOTE(review): the other services in this file use PGID; "GUID" looks
      # like a typo, in which case the group ID is never applied. Confirm
      # against what this image expects.
      - GUID=1000
      # NOTE(review): same ${PASSWORD} as the MySQL root account and the other
      # apps. Use a dedicated secret for this login.
      - PASSWORD=${PASSWORD}
    volumes:
      - /mnt/user/Share/Docker/vscode:/config
      # NOTE(review): the whole share is mounted read-write, including
      # /mnt/user/Share/Docker where the other apps keep their config. Anyone
      # who gets past the single password above can read and change all of it.
      # Mount only the directories that need editing.
      - /mnt/user/Share:/share
      #- /home/sloan:/home/sloan
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vscode-web.rule=Host(`vscode.kevinsloan.net`)"
      - "traefik.http.routers.vscode-web.entrypoints=web"
      - "traefik.http.routers.vscode-secured.rule=Host(`vscode.kevinsloan.net`)"
      - "traefik.http.routers.vscode-secured.entrypoints=web-secured"
      # Excludes this container from Watchtower's automatic updates, so it has
      # to be patched by hand.
      - "com.centurylinklabs.watchtower.enable=false"

Bookstack

Bookstack pages used for documentation

  # BookStack documentation wiki, published through Traefik as
  # wiki.kevinsloan.net and backed by the shared "mysql" service.
  bookstack:
    # NOTE(review): no tag given, so this resolves to "latest"; pin a version.
    image: linuxserver/bookstack
    container_name: bookstack
    environment:
      # User and group IDs passed to the container.
      - PUID=1000
      - PGID=1000
      - DB_HOST=mysql
      # NOTE(review): same ${USERNAME}/${PASSWORD} pair as the mysql service,
      # where ${PASSWORD} is also the root password. Give this app its own
      # database account limited to the "bookstack" database.
      - DB_USER=${USERNAME}
      - DB_PASS=${PASSWORD}
      - DB_DATABASE=bookstack
      - APP_URL=https://wiki.kevinsloan.net
    networks:
      web:
        # Fixed address on the "web" network.
        ipv4_address: 172.18.0.23
    volumes:
      - /mnt/user/Share/Docker/bookstack/config:/config
    restart: unless-stopped
    depends_on:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.bookstack-web.rule=Host(`wiki.kevinsloan.net`)"
      - "traefik.http.routers.bookstack-web.entrypoints=web"
      - "traefik.http.routers.bookstack-secured.rule=Host(`wiki.kevinsloan.net`)"
      - "traefik.http.routers.bookstack-secured.entrypoints=web-secured"

Droppy

droppy app for quickly sharing files

  # droppy file-sharing app, published through Traefik as
  # cloud.kevinsloan.net.
  droppy:
    # NOTE(review): no tag given, so this resolves to "latest". Also check
    # that this image is still maintained upstream before keeping it on an
    # externally routed hostname.
    image: silverwind/droppy
    container_name: droppy
    restart: unless-stopped
    networks:
      web:
        # Fixed address on the "web" network.
        ipv4_address: 172.18.0.15
    volumes:
      - /mnt/user/Share/Docker/droppy/config:/config
      # NOTE(review): /mnt/user/FTP contains /mnt/user/FTP/backups, which the
      # duplicati service uses as its backup destination. Anyone with access
      # to this file-sharing UI can therefore read or delete the backups.
      # Mount a dedicated subdirectory for shared files instead.
      - /mnt/user/FTP:/files
    environment:
      # User and group IDs passed to the container.
      - PUID=1000
      - PGID=1000
      - TZ=${TZ}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.droppy-web.rule=Host(`cloud.kevinsloan.net`)"
      - "traefik.http.routers.droppy-web.entrypoints=web"
      - "traefik.http.routers.droppy-secured.rule=Host(`cloud.kevinsloan.net`)"
      - "traefik.http.routers.droppy-secured.entrypoints=web-secured"

 

watchtower

Watchtower to auto-update containers

  # Watchtower: pulls newer images and recreates running containers on a
  # schedule. No Traefik labels are set, so it is not routed.
  # NOTE(review): several services in this file use "latest" or untagged
  # images, so whatever is published under those tags is deployed
  # automatically without review. Pin image versions, or limit auto-updates to
  # the containers where that trade-off is acceptable.
  watchtower:
    # NOTE(review): no tag given, so this resolves to "latest"; pin a version.
    image: containrrr/watchtower
    container_name: watchtower
    volumes:
      # NOTE(review): full control of the Docker daemon, effectively root on
      # the host. Watchtower needs it to recreate containers.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - TZ=${TZ}
      # Remove old images after updating.
      - WATCHTOWER_CLEANUP=true
      # Six-field cron expression (seconds first): every day at 07:00:00.
      - WATCHTOWER_SCHEDULE=0 0 7 * * *
      #- WATCHTOWER_POLL_INTERVAL=10      
      - WATCHTOWER_NOTIFICATIONS=slack
      # The webhook URL is a secret: anyone holding it can post to the channel.
      # Keep it in the environment file, out of version control.
      - WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL=${Slack_Watchtower_URL}
    restart: unless-stopped

 

OSTicket

Ticket app to help organize Plex issues that need work

  # osTicket help desk, published through Traefik as help.kevinsloan.net and
  # backed by the shared "mysql" service.
  osticket:
    # NOTE(review): no tag given, so this resolves to "latest"; pin a version.
    image: devinsolutions/osticket
    container_name: "osticket"
    restart: always
    networks:
      web:
        # Fixed address on the "web" network.
        ipv4_address: 172.18.0.12
    # "links" is a legacy Compose option; the services share the "web" network.
    links:
      - mysql:mysql
      - traefik
    environment:
      - MYSQL_HOST=mysql
      - MYSQL_DATABASE=osticket_db
      # NOTE(review): same ${USERNAME}/${PASSWORD} pair as the mysql service,
      # where ${PASSWORD} is also the root password. Give this app its own
      # database account limited to "osticket_db".
      - MYSQL_USER=${USERNAME}
      - MYSQL_PASSWORD=${PASSWORD}
      - TZ=${TZ}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.osticket-web.rule=Host(`help.kevinsloan.net`)"
      - "traefik.http.routers.osticket-web.entrypoints=web"
      - "traefik.http.routers.osticket-secured.rule=Host(`help.kevinsloan.net`)"
      # TLS is enabled explicitly on this router; the other services in this
      # file do not set this label.
      - "traefik.http.routers.osticket-secured.tls=true"
      - "traefik.http.routers.osticket-secured.entrypoints=web-secured"