This commit is contained in:
hhftechnologies 2024-09-28 09:59:12 +05:30
parent 1566dd9f60
commit dbb998c18a
341 changed files with 14731 additions and 0 deletions

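--- /dev/null
+++ b/0_skeleton/README.md
@@ -0,0 +1,7 @@
+# References
+- https://docs.docker.com/compose/gettingstarted/
+# Notes
+This is an example skeleton to use. Usually combined with Traefik as reverse proxy.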

@ -0,0 +1,45 @@
version: '3.3'
services:
example:
image: user/image:tag
container_name: example
hostname: example
#user: 1000:1000
#depends_on:
# - xxx
restart: unless-stopped
ports:
- 8080:8080/tcp
expose:
- 8080
volumes:
#- /etc/localtime:/etc/localtime:ro
#- /etc/timezone:/etc/timezone:ro
#- /var/run/docker.sock:/var/run/docker.sock:ro
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/example:/opt/example/data
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.CHANGEME.rule=Host(`service.example.com`)
# - traefik.http.services.CHANGEME.loadbalancer.server.port=8080
# # Optional part when proxying to services that already provide ssl/tls
# - traefik.http.services.CHANGEME.loadbalancer.server.scheme=https
# - traefik.http.services.CHANGEME.loadbalancer.serverstransport=insecureTransport@file
# # Optional part for file upload max sizes
# - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
# # Optional part for traefik middlewares
# - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file,authelia@docker
#networks:
# proxy:
# external: true
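Review bot: The `ports:` entry `- 8080:8080/tcp` publishes the service on every host interface, which makes it reachable directly and bypasses the Traefik routing and the `local-ipwhitelist@file,authelia@docker` middlewares that the commented labels set up; since the README says this skeleton is usually combined with Traefik, either drop `ports:` in favour of `expose:` plus the `proxy` network, or bind to loopback and quote the mapping, `- "127.0.0.1:8080:8080/tcp"`. Published ports are generally inserted into Docker's own iptables chains and may not be covered by a host firewall such as ufw, so the loopback bind is worth doing even on a firewalled host. Separately, `version: '3.3'` is obsolete for Compose v2 and only produces a warning, so the line can be removed. The commented `serverstransport=insecureTransport@file` label disables certificate verification towards the backend; a comment such as `# insecureTransport skips backend TLS verification - only for self-signed upstreams on a trusted network` would make that trade-off explicit to whoever uncomments it.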

README.md Normal file

@ -0,0 +1,409 @@
> [!CAUTION]
> The samples are intended for local development environments such as project setups, tinkering with software stacks, etc. These samples may be deployed in production environments or exposed to the Internet but please adhere to general hardening and security guidelines. Adjust all default credentials, use a separate `.env` file or platform for secret management, implement a backup process and have a tested disaster recovery plan. Use a reverse proxy to stream-line your web service exposure and provide an encrypted HTTPS communication channel with trusted SSL certificates.
## 🐳 Project List
### Table of Contents (ToC)
- [Analytics](#analytics)
- [Archiving and Digital Preservation (DP)](#archiving-and-digital-preservation-dp)
- [Asset Management](#asset-management)
- [Audio and Video Management](#audio-and-video-management)
- [Automation and Monitoring](#automation-and-monitoring)
- [Backups](#backups)
- [Blogging Platforms and Homepages](#blogging-platforms-and-homepages)
- [Communication - Social Networks, Forums and Video Conferencing](#communication---social-networks-forums-and-video-conferencing)
- [Document Management](#document-management)
- [Domain Name Service (DNS)](#domain-name-service-dns)
- [E-commerce](#e-commerce)
- [File Transfer & Synchronization](#file-transfer--synchronization)
- [Games and Control Panels](#games-and-control-servers)
- [Genealogy](#genealogy)
- [Identity Management - Single Sign-On (SSO) & LDAP](#identity-management---single-sign-on-sso--ldap)
- [LLM & AI](#large-language-models--ai)
- [Miscellaneous](#miscellaneous)
- [Money, Budgeting & Management](#money-budgeting--management)
- [Note-taking & Editors](#note-taking--editors)
- [Password Managers](#password-managers)
- [Pastebins](#pastebins)
- [Personal Dashboards](#personal-dashboards)
- [Photo and Video Galleries](#photo-and-video-galleries)
- [Proxy](#proxy)
- [Recipe Management](#recipe-management)
- [Request Bins](#request-bins)
- [Security & Privacy](#security--privacy)
- [Software Development - Project Management, DevOps](#software-development---project-management-devops)
- [URL Shorteners](#url-shorteners)
- [Virtual Private Network (VPN) & Remote Access](#virtual-private-network-vpn--remote-access)
- [Wikis & Knowledge Base](#wikis--knowledge-base)
### Personal Dashboards
**[`^ back to top ^`](#-project-list)**
Dashboards for accessing information and applications.
- [Homepage](examples/homepage) - A highly customizable homepage (or startpage / application dashboard) with Docker and service API integrations.
- [Homer](examples/homer) - A dead simple static homepage to expose your server services, with an easy yaml configuration and connectivity check.
- [Dashy](examples/dashy) - Feature-rich homepage for your homelab, with easy YAML configuration.
- [Homarr](examples/homarr) - A sleek, modern dashboard that puts all of your apps and services at your fingertips.
- [Flame](examples/flame) - Flame is self-hosted startpage for your server. Easily manage your apps and bookmarks with built-in editors.
- [Heimdall](examples/heimdall) - Heimdall is an elegant solution to organise all your web applications.
### Password Managers
**[`^ back to top ^`](#-project-list)**
A [password manager](https://en.wikipedia.org/wiki/Password_manager) allows users to store, generate, and manage their passwords for local applications and online services.
- [Vaultwarden](examples/vaultwarden) - Lightweight Bitwarden server API implementation written in Rust. Unlocks paid Bitwarden features such as 2FA.
- [Bitwarden Unified](examples/bitwarden-unified) - Official Bitwarden deployment option (beta) targeting selfhosters by providing a resource-efficient, single Docker image with multiple database support.
- [Passbolt CE](examples/passbolt) - Passbolt CE open source password manager for teams based on GPG.
### Proxy
**[`^ back to top ^`](#-project-list)**
A [proxy](https://en.wikipedia.org/wiki/Proxy_server) is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource.
- [Traefik](examples/traefik) - Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Marathon, …) to manage its configuration automatically and dynamically.
- [Nginx Proxy Manager](examples/nginx-proxy-manager) - Nginx Proxy Manager is an easy way to accomplish reverse proxying hosts with SSL termination.
- [Caddy](examples/caddy) - The Caddy web server is an extensible, cross-platform, open-source web server written in Go. Caddy obtains and renews TLS certificates for your sites automatically.
- ~~[oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy)~~ - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
### Identity Management - Single Sign-On (SSO) & LDAP
**[`^ back to top ^`](#-project-list)**
[Single sign-on (SSO)](https://en.wikipedia.org/wiki/Single_sign-on) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
- [Authelia](examples/authelia) - Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests. Recommended to combine with [Traefik](examples/traefik).
- [Authentik](examples/authentik) - Authentik is an open-source Identity Provider focused on flexibility and versatility.
- [Keycloak](examples/keycloak) - Keycloak is an open-source Identity and Access Management (IAM) solution for modern applications and services.
- [lldap](examples/lldap) - lldap is a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. It integrates with many backends, from KeyCloak to Authelia to Nextcloud and more.
### Large Language Models & AI
**[`^ back to top ^`](#-project-list)**
A [Large Language Model (LLM)](https://en.wikipedia.org/wiki/Large_language_model) is a language model notable for its ability to achieve general-purpose language generation and other natural language processing tasks such as classification. LLMs can be used for text generation, a form of generative [AI](https://en.wikipedia.org/wiki/Artificial_intelligence), by taking an input text and repeatedly predicting the next token or word.
- [Ollama + Open WebUI](examples/ollama-ui) - Get up and running with Llama 3, Mistral, Gemma, and other large language models using Ollama. Using an interactive, user-friendly WebUI via Open WebUI (formerly known as Ollama WebUI).
- [Serge](examples/serge) - A web interface for chatting with Alpaca through llama.cpp. Fully dockerized, with an easy to use API.
### Virtual Private Network (VPN) & Remote Access
**[`^ back to top ^`](#-project-list)**
A [VPN](https://en.wikipedia.org/wiki/Virtual_private_network) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.
- [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI.
- [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
- [IPSec VPN Server](examples/ipsec-vpn-server) - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2.
- [OpenVPN-AS](examples/openvpn) - OpenVPN Access Server delivers an enterprise VPN solution for businesses of all sizes, providing a securely encrypted connection to private networks over unsecured public internet.
- [Firezone](examples/firezone) - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
- ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required.
- [Headscale](examples/headscale) - An open source, self-hosted implementation of the Tailscale control server.
- [Guacamole](examples/guacamole) - Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, SSH and RDP.
### Domain Name Service (DNS)
**[`^ back to top ^`](#-project-list)**
[DNS](https://en.wikipedia.org/wiki/Domain_Name_System) servers and management tools with advertisement blocking funtionality, primarily aimed at home or small networks.
- [AdGuard Home](examples/adguard-home) - AdGuard Home is a network-wide software for blocking ads and tracking.
- [AdGuard Home Sync](examples/adguard-home-sync) - Synchronize AdGuardHome config to replica instances.
- [Technitium DNS](examples/technitium-dns) - An open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security.
- [Pihole](examples/pihole) - Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network.
- [Cloudflare DDNS](examples/cloudflare-ddns) - Dynamic DNS (DDNS) is a service that keeps the DNS updated with a web property's correct IP address, even if that IP address is constantly being updated.
### Software Development - Project Management, DevOps
**[`^ back to top ^`](#-project-list)**
Tools and software for [software project management](https://en.wikipedia.org/wiki/Software_project_management).
- [JetBrains YouTrack](examples/jetbrains-youtrack) - YouTrack is a proprietary, commercial browser-based bug tracker, issue tracking system and project management software developed by JetBrains.
- [Leantime](examples/leantime) - Leantime is an open source project management system for small teams and startups written in PHP, Javascript using MySQL.
- [Gitea](examples/gitea) - Community managed fork of Gogs, lightweight code hosting solution.
- [Drone](examples/drone) - Drone is a continuous delivery system built on container technology. Drone uses a simple YAML build file, to define and execute build pipelines inside Docker containers.
- [Gitlab Community](examples/gitlab-ce) - Self Hosted Git repository management, code reviews, issue tracking, activity feeds and wikis.
- [Code-Server](examples/code-server) - VS Code in the browser, hosted on a remote server.
- [Onedev](examples/onedev) - Self-hosted Git Server with CI/CD and Kanban.
### Automation and Monitoring
**[`^ back to top ^`](#-project-list)**
[Automation](https://en.wikipedia.org/wiki/Automation) software designed to reduce human intervention in processes.
- [n8n](examples/n8n) - Free and source-available fair-code licensed workflow automation tool. Easily automate tasks across different services.
- [Home Assistant](examples/home-assistant) - Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
- [Portainer](examples/portainer) - Portainer is a lightweight management UI which allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters).
- [Dockge](https://github.com/louislam/dockge/blob/master/compose.yaml) - A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager.
- [Uptimekuma](examples/uptimekuma) - Uptime Kuma is an easy-to-use self-hosted monitoring tool.
- [Changedetection](examples/changedetection) - Self-hosted tool for staying up-to-date with web-site content changes.
- [Grafana+Loki+Promtail+InfluxDB+Telegraf](examples/grafana-monitoring) - Grafana is the open source analytics & monitoring solution for every database. Combined with other open-source tools like Loki, Promtail, InfluxDB and Telegraf, monitoring data can be aggregated, normalized, filtered, parsed and finally visualized within a web dashboard.
- [Speedtest-Tracker](examples/speedtest-tracker) - Continuously track your internet speed.
- [Openspeedtest](examples/openspeedtest) - A free and open-source HTML5 network performance estimation tool written in vanilla JavaScript and only uses built-in web APIs like XHR, HTML, CSS, JS and SVG.
- [Goaccess](examples/nginx-proxy-manager-goaccess) - Real-time web log analyzer and interactive viewer that visualizes various logs of popular reverse proxies such as Nginx, Nginx Proxy Manager and Traefik.
- [WatchYourLAN](examples/watchyourlan) - Lightweight network IP scanner with web GUI.
- [Watchtower](examples/watchtower) - A container-based solution for automating Docker container base image updates.
- [Unify Network Application](examples/unify-network-application) - The Unifi-network-application software is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance.
- [UpSnap](examples/upsnap) - A simple wake on lan app written with SvelteKit, Go, PocketBase and nmap.
### Recipe Management
**[`^ back to top ^`](#-project-list)**
Software and tools for managing [recipes](https://en.wikipedia.org/wiki/Recipe).
- [Tandoor](examples/tandoor) - Django application to manage, tag and search recipes using either built-in models or external storage providers hosting PDFs, Images or other files.
- [Mealie](examples/mealie) - Material design inspired recipe manager with category and tag management, shopping-lists, meal-planner, and site customizations. Mealie is focused on simple user interactions to keep the whole family using the app.
### Photo and Video Galleries
**[`^ back to top ^`](#-project-list)**
A [gallery](https://en.wikipedia.org/wiki/Gallery_Software) is software that helps the user publish or share photos, pictures, videos or other digital media.
- [Immich](examples/immich) - Self-hosted photo and video backup solution directly from your mobile phone. Alternative to Google Photos.
- [Photoprism](examples/photoprism) - Personal photo management powered by Go and Google TensorFlow. Browse, organize, and share your personal photo collection, using the latest technologies to automatically tag and find pictures.
- [Stash](examples/stash) - Stash is a self-hosted webapp written in Go which organizes and serves your porn.
- [LibrePhotos](examples/librephotos) - A self-hosted open source photo management service, with face recognition, geolocation, and more.
- [Chevereto](examples/chevereto) - Ultimate image sharing software. Create your very own personal image hosting website in just minutes.
### Audio and Video Management
**[`^ back to top ^`](#-project-list)**
Software to manage audio and video material.
- [Arr-Suite](examples/arr-suite) - Docker stack consisting of Prowlarr, Sonarr, Radarr, Lidarr, Readarr, Flaresolverr, Qbittorrent and Emby.
- [Raveberry](examples/raveberry) - A multi-user music server with a focus on participation.
- [Deemix](examples/deemix) - deemix is a barebone deezer downloader library built from the ashes of Deezloader Remix.
- [Forte](examples/forte) - forte is a self-hosted music platform. You can either connect to a forte server or create your own server for your friends & family. However, it is also very convenient to use forte on your local machine as a stand-alone music player. Supports group streaming sessions.
- [MeTube](examples/metube) - Web GUI for youtube-dl (using the yt-dlp fork) with playlist support. Allows you to download videos and audio only from YouTube and dozens of other sites.
- [Transmission](examples/transmission) - Transmission is a fast, easy, and free BitTorrent client.
- [FlareSolverr](examples/flaresolverr) - FlareSolverr is a proxy server to bypass Cloudflare and DDoS-GUARD protection.
- [Plex](examples/plex) - Plex organizes video, music and photos from personal media libraries and streams them to smart TVs, streaming boxes and mobile devices.
- [Jellyfin](examples/jellyfin) - Jellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached.
- [Jackett](examples/jackett) - Jackett translates queries from apps (Sonarr, Radarr, SickRage, CouchPotato, Mylar3, Lidarr, DuckieTV, qBittorrent, Nefarious etc.) into tracker-site-specific http queries, parses the html or json response, and then sends results back to the requesting software. This allows for getting recent uploads (like RSS) and performing searches. Jackett is a single repository of maintained indexer scraping & translation logic - removing the burden from other apps.
- [Lidarr](examples/lidarr) - Lidarr is a music collection manager for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new albums from your favorite artists and will interface with clients and indexers to grab, sort, and rename them.
- [Prowlarr](examples/prowlarr) - Prowlarr is an indexer manager/proxy built on the popular *arr .net/reactjs base stack to integrate with your various PVR apps. Prowlarr supports management of both Torrent Trackers and Usenet Indexers. It integrates seamlessly with Lidarr, Mylar3, Radarr, Readarr, and Sonarr offering complete management of your indexers with no per app Indexer setup required (we do it all).
- [Radarr](examples/radarr) - Radarr is a movie collection manager for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new movies and will interface with clients and indexers to grab, sort, and rename them. It can also be configured to automatically upgrade the quality of existing files in the library when a better quality format becomes available.
- [Sonarr](examples/sonarr) - Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available.
- [Ombi](examples/ombi) - Ombi is a tool that enables users to manage requests for movies and TV shows on their Plex server. It provides an easy-to-use interface for users to request new content, leave notes and report issues. Ombi also offers notification and newsletter features, making it easier for server owners to manage user requests and share new content updates.
### Archiving and Digital Preservation (DP)
**[`^ back to top ^`](#-project-list)**
Digital [archiving](https://en.wikipedia.org/wiki/Archival_science) and [preservation](https://en.wikipedia.org/wiki/Digital_preservation) software.
- [Archivebox](examples/archivebox) - ArchiveBox is a powerful, self-hosted internet archiving solution to collect, save, and view websites offline.
- [Shiori](examples/shiori) - Simple bookmark manager and website archiver built with Go.
- [Readeck](examples/readeck) - Readeck is a simple web application that lets you save the precious readable content of web pages you like and want to keep forever.
### Document Management
**[`^ back to top ^`](#-project-list)**
A [document management system](https://en.wikipedia.org/wiki/Document_management_system) (DMS) is a system used to receive, track, manage and store documents and reduce paper.
- [Paperless NGX](examples/paperless-ngx) - A community-supported supercharged version of paperless: scan, index and archive all your physical documents.
- [Papermerge](examples/papermerge) - Free and open source document management system with OCR designed for scanned documents, digital archives, pdf, tiff, jpeg.
- [DocuSeal](examples/docuseal) - Create, fill, and sign digital documents (alternative to DocuSign).
- [Koillection](examples/koillection) - Koillection is a self-hosted service allowing users to manage any kind of collections.
- [VoucherVault](examples/vouchervault) - Django web application to store and manage vouchers, coupons, loyalty and gift cards digitally. Supports expiry notifications, transaction histories and file uploads.
### Pastebins
**[`^ back to top ^`](#-project-list)**
A [pastebin](https://en.wikipedia.org/wiki/Pastebin) is a type of online content-hosting service used for sharing and storing code and text.
- [PrivateBin](examples/privatebin) - PrivateBin is a minimalist, opensource online pastebin/discussion board where the server has zero knowledge of hosted data.
- [Hemmelig](examples/hemmelig) - Keep your sensitive information out of chat logs, emails, and more with encrypted secrets. Free encrypted secret sharing for everyone!
### File Transfer & Synchronization
**[`^ back to top ^`](#-project-list)**
- [ownCloud OCIS](examples/owncloud-ocis) - ownCloud Infinite Scale (oCIS) is the new file sync & share platform written in Golang that will be the foundation of your data management platform.
- [ownCloud](https://doc.owncloud.com/server/next/admin_manual/installation/docker/#docker-compose) - ownCloud is an open-source file sync, share and content collaboration software that lets teams work on data easily from anywhere, on any device.
- [Nextcloud](examples/nextcloud) - Access and share your files, calendars, contacts, mail and more from any device, on your terms.
- [Seafile](examples/seafile) - File hosting and sharing solution primary for teams and organizations.
- [SFTPGo](examples/sftpgo) - Fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob.
- [Filebrowser](examples/filebrowser) - filebrowser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit your files.
- [FileRun](examples/filerun) - FileRun is a self-hosted File Sync and Share web-based application. It is a full featured web based file manager with an easy to use user interface.
- [Gokapi](examples/gokapi) - Lightweight selfhosted Firefox Send alternative without public upload. AWS S3 supported.
- [Projectsend](examples/projectsend) - ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs and much more!
- [Pwndrop](examples/pwndrop) - pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
- [Droppy](examples/droppy) (deprecated) - droppy is a self-hosted file storage server with a web interface and capabilities to edit files and view media directly in the browser. It is particularly well-suited to be run on low-end hardware like the Raspberry Pi.
- [PairDrop](examples/pairdrop) - PairDrop is a sublime alternative to AirDrop that works on all platforms. Send images, documents or text via peer to peer connection to devices in the same local network/Wi-Fi or to paired devices.
- [MinIO](examples/minio) - MinIO is an object storage server, compatible with Amazon S3 cloud storage service, mainly used for storing unstructured data (such as photos, videos, log files, etc.).
- [Transfer.sh](examples/transfer.sh) - Easy and fast file sharing from the command-line.
- [Transfer.zip](examples/transfer.zip) - Transfer files securely and E2E encrypted (AES-256 GCM) between browsers using WebRTC Peer2peer.
- [Send](examples/send) - Simple, private file sharing with encryption. A fork of Mozilla's Firefox Send.
- [Syncthing](examples/syncthing) - Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers.
### Backups
**[`^ back to top ^`](#awesome-sysadmin)**
[Backup](https://en.wikipedia.org/wiki/Backup) software.
- [Duplicati](examples/duplicati) - Duplicati is a backup client that securely stores encrypted, incremental, compressed remote backups of local files on cloud storage services and remote file servers.
- [Duplicacy](examples/duplicacy) - A lock-free deduplication cloud backup tool.
### Note-taking & Editors
**[`^ back to top ^`](#-project-list)**
[Note taking](https://en.wikipedia.org/wiki/Note-taking) editors.
- [Excalidraw](examples/excalidraw) - Excalidraw is a virtual collaborative whiteboard tool that lets you easily sketch diagrams that have a hand-drawn feel to them.
- [HedgeDoc](examples/hedgedoc) - HedgeDoc lets you create real-time collaborative markdown notes.
- [Overleaf](examples/overleaf) - Overleaf is a collaborative cloud-based LaTeX editor used for writing, editing and publishing scientific documents.
- [Obsidian-Gitsync-Perlite](https://github.com/l4rm4nd/Obsidian-Gitsync-Perlite) - Continuously sync Obsidian markdown notes from GitHub and publish it for the webs.
- [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser.
- [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking.
### URL Shorteners
**[`^ back to top ^`](#-project-list)**
- [YOURLS](examples/yourls) - The de-facto standard self hosted URL shortener in PHP.
### Blogging Platforms and Homepages
**[`^ back to top ^`](#-project-list)**
A [blog](https://en.wikipedia.org/wiki/Blog) is a discussion or informational website consisting of discrete, diary-style text entries (posts).
- [Ghost](examples/ghost) - Ghost is a free and open source blogging platform written in JavaScript and distributed under the MIT License, designed to simplify the process of online publishing for individual bloggers as well as online publications.
- [WordPress](examples/wordpress) - WordPress is a free and open-source content management system written in hypertext preprocessor language and paired with a MySQL or MariaDB database with supported HTTPS.
- [Nginx + PHP](examples/nginx-php) - Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. Combined with PHP, a general-purpose scripting language geared toward web development, server-side functions can be implemented for the webs.
### Communication - Social Networks, Forums and Video Conferencing
**[`^ back to top ^`](#-project-list)**
[Social Networking](https://en.wikipedia.org/wiki/Social_networking_service) and [Forum](https://en.wikipedia.org/wiki/Internet_forum) software.
- [Rocket.Chat](examples/rocketchat) - Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection.
- [Mattermost](examples/mattermost) - Mattermost is an open source platform for secure collaboration across the entire software development lifecycle.
- [Answer](examples/answer) - An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more.
- [Mirotalk P2P](examples/mirotalk) - Simple, Secure, Fast Real-Time Video Conferences Up to 4k and 60fps, compatible with all browsers and platforms.
- [Reactive-Resume](examples/rxresume) - A one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever.
### E-commerce
**[`^ back to top ^`](#-project-list)**
[E-commerce](https://en.wikipedia.org/wiki/E-commerce) software.
- [EverShop](examples/evershop) - EverShop is a GraphQL Based and React ecommerce platform with essential commerce features. Built with React, modular and fully customizable.
### Analytics
**[`^ back to top ^`](#-project-list)**
[Analytics](https://en.wikipedia.org/wiki/Analytics) is the systematic computational analysis of data or statistics. It is used for the discovery, interpretation, and communication of meaningful patterns in data.
- [Matomo](examples/matomo) - Matomo is the leading Free/Libre open analytics platform.
- [Plausible](examples/plausible) - Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.
### Security & Privacy
**[`^ back to top ^`](#-project-list)**
Software that helps to increase security and privacy.
- [Nessus](examples/nessus) - Nessus is a proprietary vulnerability scanner developed by Tenable, Inc.
- [Greenbone](examples/greenbone) - Greenbone is the world's most trusted provider of open source vulnerability management.
- [SonarQube](examples/sonarqube) - SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages.
- [Fail2ban](examples/fail2ban) - Fail2ban is an intrusion prevention software framework. Written in the Python programming language, it is designed to prevent against brute-force attacks.
- [Tor-Browser](examples/tor-browser) - Running a Tor browser instance on any headless server.
- [Firefox](examples/firefox) - Firefox by linuxserver.io allows you to run the popular Firefox web broser on a remote server.
- [Bibliogram](examples/bibliogram) (deprecated) - Bibliogram is a private front-end frontend to Instagram, similar to Invidous.
- [Nitter](examples/nitter) - Nitter is an alternative front-end to Twitter, and was inspired by Invidious.
- [Unify Network Application](examples/unify-network-application) - The Unifi-network-application software is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance.
### Wikis & Knowledge Base
**[`^ back to top ^`](#-project-list)**
A [wiki](https://en.wikipedia.org/wiki/Wiki) is a publication collaboratively edited and managed by its own audience directly using a web browser.
- [Bookstack](examples/bookstack) - BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform.
- [Wiki.js](examples/wikijs) - Wiki.js is an open source project that has been made possible due to the generous contributions by community backers.
- [Answer](examples/answer) - An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more.
- [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser.
- [Obsidian-Gitsync-Perlite](https://github.com/l4rm4nd/Obsidian-Gitsync-Perlite) - Continuously sync Obsidian markdown notes from GitHub and publish it for the webs.
- [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking.
- [HedgeDoc](examples/hedgedoc) - HedgeDoc lets you create real-time collaborative markdown notes.
- [Docmost](examples/docmost) - Docmost is an open source collaborative documentation and wiki software. It is an open-source alternative to the likes of Confluence and Notion.
### Money, Budgeting & Management
**[`^ back to top ^`](#-project-list)**
[Money management](https://en.wikipedia.org/wiki/Money_management) and budgeting software.
- [TRSync](examples/trsync) - Django web frontend for pytr to download all Trade Republic depot data.
- [Money-Balancer](examples/money-balancer) - A simple application for managing debt with your friends!
- [Firefly III](examples/firefly-iii) - A self-hosted manager for your personal finances.
- [VoucherVault](examples/vouchervault) - Django web application to store and manage vouchers, coupons, loyalty and gift cards digitally. Supports expiry notifications, transaction histories and file uploads.
### Genealogy
**[`^ back to top ^`](#-project-list)**
[Genealogy software](https://en.wikipedia.org/wiki/Genealogy_software) used to record, organize, and publish genealogical data.
- [webtrees](examples/webtrees) - webtrees is the web's leading online collaborative genealogy application. It allows you to view and edit your genealogy on your selfhosted website.
- [Gramps-Web](examples/gramps) - Gramps Web is a web app for collaborative genealogy. It is based on and interoperable with Gramps, the leading open source genealogy desktop application.
### Asset Management
**[`^ back to top ^`](#-project-list)**
[Asset management](https://en.wikipedia.org/wiki/Asset_management) is a systematic approach to the governance and realization of all value for which a group or entity is responsible.
- [Domainmod](examples/domainmod) - DomainMOD is an open source application used to manage your domains and other internet assets in a central location.
- [Snipe-IT](examples/snipe-it) - Snipe-IT is a free, open source IT asset management system written in PHP.
- [Koillection](examples/koillection) - Koillection is a self-hosted service allowing users to manage any kind of collections.
- [VoucherVault](examples/vouchervault) - Django web application to store and manage vouchers, coupons, loyalty and gift cards digitally. Supports expiry notifications, transaction histories and file uploads.
### Request Bins
**[`^ back to top ^`](#-project-list)**
A request bin service allows one to collect and inspect HTTP requests. It may be used to create mock API endpoints or troubleshoot HTTP requests. Also used by security professionals to verify security vulnerabilities like Server Side Request Forgery (SSRF) and others.
- [RequestBin](examples/requestbin) - RequestBin gives you a unique URL that collects HTTP requests for debugging and development purposes.
- [Webhook.site](examples/webhook.site) - Easily test HTTP webhooks with this handy tool that displays requests instantly.
- [Request-Baskets](https://github.com/darklynx/request-baskets) - HTTP requests collector to test webhooks, notifications, REST clients and more.
- [Mockbin](https://github.com/Kong/mockbin) - Mock, Test & Track HTTP Requests and Response for Microservices.
### Games and Control Servers
**[`^ back to top ^`](#-project-list)**
Multiplayer game servers, browser games and utilities for managing game servers.
- [cs2-dedicated-server](examples/cs2-dedicated-server) - CS2 Dedicated Server Docker Image with an RCON web-based control panel.
- [posio](examples/posio) - A multiplayer geography game using Websockets.
- [Monkeytype](examples/monkeytype) - The most customizable typing website with a minimalistic design and a ton of features. Test yourself in various modes, track your progress and improve your speed.
### Miscellaneous
**[`^ back to top ^`](#-project-list)**
Software that does not fit in another section.
- [Network-Multitool](examples/network-multitool) - Multi-arch multitool for container network troubleshooting.
- [IT-Tools](examples/it-tools) - Collection of handy online tools for developers, with great UX.


@ -0,0 +1,3 @@
# References
- https://github.com/bakito/adguardhome-sync


@ -0,0 +1,21 @@
version: "2.1"
services:
adguardhome-sync:
image: linuxserver/adguardhome-sync
container_name: adguardhome-sync
hostname: adguardhome-sync
environment:
- ORIGIN_URL=http://10.10.10.10:8080 # your main adguard instance for synchronization
- ORIGIN_USERNAME=admin1
- ORIGIN_PASSWORD=password1
- REPLICA_URL=http://20.20.20.20:8080 # your replica adguard instance to be synced with main instance
- REPLICA_USERNAME=admin2
- REPLICA_PASSWORD=password2
- CRON=*/30 * * * * # run every 30 minute; see https://crontab.guru/
- RUNONSTART=true
- TZ=Europe/Berlin
- PUID=1000
- PGID=1000
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home-sync:/config
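Review bot: The AdGuard admin credentials are committed as literals in `ORIGIN_PASSWORD` and `REPLICA_PASSWORD`, and the repository already has a `.env`/variable-substitution pattern (`${DOCKER_VOLUME_STORAGE:-...}` on the volume line) that these values belong in; `- ORIGIN_PASSWORD=${ADGUARD_ORIGIN_PASSWORD:?set in .env}` and `- REPLICA_PASSWORD=${ADGUARD_REPLICA_PASSWORD:?set in .env}` fail fast when unset instead of shipping `password1`. Both `ORIGIN_URL` and `REPLICA_URL` are plain `http://` to other hosts, so those credentials cross the network unencrypted every 30 minutes; a comment such as `# prefer https:// here — the admin password is sent with every sync` would make that trade-off visible. The same inline-secret pattern recurs in the archivebox, arr-suite (WireGuard key) and authelia compose files later in this commit; the notes there cover what is specific to each.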


@ -0,0 +1,3 @@
# References
- https://github.com/AdguardTeam/AdGuardHome


@ -0,0 +1,37 @@
version: "3"
services:
adguard:
container_name: adguard
hostname: adguard
image: adguard/adguardhome:latest
ports:
- 3000:3000/tcp # only required during initial setup
- 8080:80/tcp # web interface after setup
- 53:53/tcp # dns
- 53:53/udp # dns
# - 67:67/udp # dhcp
# - 68:68/tcp # dhcp
# - 68:68/udp # dhcp
# - 784:784/udp # dns-over-quic
# - 853:853/tcp # dns over tls
# - 853:853/udp # dns over tls
# - 5443:5443/tcp # dnscrypt
# - 5443:5443/udp # dnscrypt
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home/work:/opt/adguardhome/work
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home/conf:/opt/adguardhome/conf
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.adguard.rule=Host(`dns.example.com`)
# - traefik.http.services.adguard.loadbalancer.server.port=8080
# # Optional part for traefik middlewares
# - traefik.http.routers.adguard.middlewares=local-ipwhitelist@file,authelia@docker
#networks:
# proxy:
# external: true
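Review bot: The commented Traefik label `traefik.http.services.adguard.loadbalancer.server.port=8080` names the host-side port, but Traefik connects to the container's own listening port, which this file maps as `8080:80/tcp`; the label should be `- traefik.http.services.adguard.loadbalancer.server.port=80`, otherwise the router returns gateway errors once the labels are uncommented. The first-run wizard port is published on every host interface with `3000:3000/tcp`; binding it to loopback, `- 127.0.0.1:3000:3000/tcp`, or dropping the mapping after setup limits who can reach the wizard in the window before an admin password exists. Port 53 on all interfaces is the intended role of a DNS server, so that one is fine as written.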


@ -0,0 +1,3 @@
# References
- https://github.com/answerdev/answer


@ -0,0 +1,31 @@
version: "3"
services:
answer:
container_name: answer
image: answerdev/answer
ports:
- '9080:80'
expose:
- 80
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/answer/data:/data
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.answer.rule=Host(`faq.example.com`)
# - traefik.http.services.answer.loadbalancer.server.port=80
# # Optional part for file upload max sizes
# - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
# # Optional part for traefik middlewares
# - traefik.http.routers.answer.middlewares=local-ipwhitelist@file,authelia@docker
#networks:
# proxy:
# external: true


@ -0,0 +1,17 @@
# References
- https://github.com/ArchiveBox/ArchiveBox
- https://github.com/ArchiveBox/ArchiveBox/blob/dev/docker-compose.yml
# Notes
Before starting the compose stack, ensure that you have downloaded the sonic configuration file, if you plan on using the sonic container.
Place the config file in the bind volume mount path for sonic.
The default username and password are: archivebox
> [!CAUTION]
> Please read the [official storage requirements](https://github.com/ArchiveBox/ArchiveBox#storage-requirements) if your ArchiveBox instance is running slow, sluggish or times out.
>
> **TLDR**: Do not store the Docker volume data on a network storage like SMB/NFS.


@ -0,0 +1,84 @@
version: "3.9"
services:
archivebox:
image: archivebox/archivebox:dev
container_name: archivebox
command: server --quick-init 0.0.0.0:8000
restart: unless-stopped
ports:
- 8000:8000
expose:
- 8000
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/archivebox/data:/data # archivebox application data
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/archivebox/crontabs:/var/spool/cron/crontabs # archivebox crontab data for scheduled runs
#- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/archivebox/source-code:/app/archivebox # bind mounts the archivebox source code for development
environment:
# see https://docs.archivebox.io/en/master/Configuration.html for more details
- ADMIN_USERNAME=archivebox # your initial username
- ADMIN_PASSWORD=archivebox # your initial password
- ALLOWED_HOSTS=*
- PUBLIC_INDEX=False
- PUBLIC_SNAPSHOTS=False
- PUBLIC_ADD_VIEW=False
- PUID=1000
- PGID=1000
- SEARCH_BACKEND_ENGINE=sonic
- SEARCH_BACKEND_HOST_NAME=sonic
- SEARCH_BACKEND_PASSWORD=deport-silver-showcase-pusher-radiantly
- MEDIA_MAX_SIZE=750m
- TIMEOUT=60
- CHECK_SSL_VALIDITY=False
- SAVE_TITLE=False
- SAVE_FAVICON=False
- SAVE_WGET=False
- SAVE_WARC=False
- SAVE_PDF=True
- SAVE_SCREENSHOT=True
- SAVE_DOM=True
- SAVE_SINGLEFILE=True
- SAVE_READABILITY=False
- SAVE_GIT=False
- SAVE_MEDIA=True
- SUBMIT_ARCHIVE_DOT_ORG=False
- SAVE_ARCHIVE_DOT_ORG=False
#networks:
# - proxy
# - archivebox_default
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.archivebox.rule=Host(`archive.exmple.com`)
# - traefik.http.services.archivebox.loadbalancer.server.port=8000
# # Part for optional traefik middlewares
# - traefik.http.routers.archivebox.middlewares=local-ipwhitelist@file
### Example: To run the Sonic full-text search backend, first download the config file to sonic.cfg
# $ curl -O https://raw.githubusercontent.com/ArchiveBox/ArchiveBox/master/etc/sonic.cfg
# After starting, backfill any existing Snapshots into the full-text index:
# $ docker-compose run archivebox update --index-only
sonic:
image: valeriansaliou/sonic:latest
container_name: archivebox-sonic
expose:
- 1491
environment:
- SEARCH_BACKEND_PASSWORD=deport-silver-showcase-pusher-radiantly
volumes:
# Example: To run the Sonic full-text search backend, first download the config file to sonic.cfg
# curl https://raw.githubusercontent.com/ArchiveBox/ArchiveBox/master/etc/sonic.cfg -o /mnt/docker-volumes/archivebox/sonic/sonic.cfg
# After starting, backfill any existing Snapshots into the full-text index:
# $ docker-compose run archivebox update --index-only
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/archivebox/sonic/sonic.cfg:/etc/sonic.cfg:ro
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/archivebox/sonic/store:/var/lib/sonic/store
#networks:
# - archivebox_default
#networks:
# proxy:
# external: true
# archivebox_default:
# external: false
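Review bot: The Sonic password `deport-silver-showcase-pusher-radiantly` is written out twice, once as `SEARCH_BACKEND_PASSWORD` in the archivebox service and once in the sonic service, and sonic.cfg resolves it via `${env.SEARCH_BACKEND_PASSWORD}`, so changing one copy silently breaks full-text search; a single substitution in both places, `- SEARCH_BACKEND_PASSWORD=${ARCHIVEBOX_SONIC_PASSWORD:?set in .env}`, keeps them in lock-step and out of the committed file. `ALLOWED_HOSTS=*` disables Django's host-header check; behind the commented Traefik router it can be narrowed to the served hostname, and a comment should say why `*` is the sample default. `CHECK_SSL_VALIDITY=False` presumably turns off certificate verification for the sites ArchiveBox fetches (the name suggests so; the linked configuration page is authoritative), which is worth a one-line comment because it changes what the archive can vouch for. The sample host in the router rule reads `archive.exmple.com`; `example.com`.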


@ -0,0 +1,66 @@
# Sonic
# Fast, lightweight and schema-less search backend
# Configuration file
# Example: https://github.com/valeriansaliou/sonic/blob/master/config.cfg
[server]
log_level = "warn"
[channel]
inet = "0.0.0.0:1491"
tcp_timeout = 300
auth_password = "${env.SEARCH_BACKEND_PASSWORD}"
[channel.search]
query_limit_default = 65535
query_limit_maximum = 65535
query_alternates_try = 10
suggest_limit_default = 5
suggest_limit_maximum = 20
[store]
[store.kv]
path = "/var/lib/sonic/store/kv/"
retain_word_objects = 100000
[store.kv.pool]
inactive_after = 1800
[store.kv.database]
flush_after = 900
compress = true
parallelism = 2
max_files = 100
max_compactions = 1
max_flushes = 1
write_buffer = 16384
write_ahead_log = true
[store.fst]
path = "/var/lib/sonic/store/fst/"
[store.fst.pool]
inactive_after = 300
[store.fst.graph]
consolidate_after = 180
max_size = 2048
max_words = 250000


@ -0,0 +1,84 @@
# References
- https://docs.linuxserver.io/images/docker-prowlarr/
- https://docs.linuxserver.io/images/docker-sonarr/
- https://docs.linuxserver.io/images/docker-radarr/
- https://docs.linuxserver.io/images/docker-lidarr/
- https://docs.linuxserver.io/images/docker-readarr/
- https://github.com/FlareSolverr/FlareSolverr
- https://docs.linuxserver.io/images/docker-qbittorrent/
- https://hub.docker.com/r/qmcgaw/gluetun
- https://docs.linuxserver.io/images/docker-emby/
- https://docs.linuxserver.io/images/docker-jellyfin (alternative option to emby)
# Notes
> [!WARNING]
> Downloading copyright restricted movies or media in general is illegal in most countries.
>
> Use this docker stack responsibly!
> [!CAUTION]
> This setup makes use of gluetun to obtain a vpn killswitch network. This requires a vpn provider like mullvad or others.
Docker stack consisting of various arr-services like:
- Prowlarr
- Used as indexer for torrent links
- Sonarr
- Used for tv shows
- Radarr
- Used for movies
- Lidarr
- Used for music
- Readarr
- Used for books
- Flaresolverr
- Used to bypass Cloudflare for prowlarr
- You must add it at prowlarr as indexer with the tag `flaresolverr`
- Qbittorrent
- Used as download client; run behind gluetun vpn killswitch container
- A temporary password for the `admin` user will be printed to the container log on startup. Change it immediately to a static one that does not change again.
- Gluetun
- Used for establishing an openvpn/wireguard killswitch vpn connection for qbittorrent
- Requires an active subscription for a vpn provider (e.g. Mullvad)
- Emby / Jellyfin
- Used to manage your media libraries and stream it from various devices
The following bind mount volumes are defined:
- `/arr-suite/configs/<container-name>`
- holds the config files of an arr container
- `/arr-suite/media/`
- will hold your media files such as movies, music, books, tv-shows, qbittorrent downloads etc.
## Setup
You can follow this Youtube tutorial on how to setup most of the arr applications:
https://www.youtube.com/watch?v=LD8-Qr3B2-o
**Note**: As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. Use Docker networks! The only exception is qbittorrent, which uses the vpn killswitch network of the gluetun container. Here, the gluetun container will expose qbittorrent's web ui on TCP/8080 and the IP address of your docker host server. Setup qbittorrent in all arr-applications using your server's local IP address, on which port 8080 is mapped to.
> [!WARNING]
> We configured qbittorrent to use the non-default path `/media/downloads` for downloads.
>
> Please define this location path in the qbittorrent admin panel too!
![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/278b800d-2b6b-45cb-a44c-7f56def7f9d3)
![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/8915f9f3-081f-41d2-9c5e-bdf9553e09c2)
![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/94de5802-3b26-420b-bb1d-ac82cd5a5cfb)
![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/19a26a74-dae0-4381-9614-46d20f912542)
## Traefik + Emby + HTTP Headers
During the setup of Emby in a web browser (HTTPS via Traefik) you may notice errors in the developer console, which prevent the web page from loading properly.
Those errors occur, if you have configured secure HTTP response headers such as X-Content-Type-Options with the directive "nosniff".
To complete the web-based setup, you either have to temporarely disable the HTTP header or browse the Emby instance without Traefik as reverse proxy.
After the setup was completed, the errors are gone and you can use Emby regularly with Traefik, HTTPS and any X-Content-Type-Options header configuration.


@ -0,0 +1,263 @@
version: "3.6"
services:
# image used to index torrent links from the internet
prowlarr:
image: linuxserver/prowlarr:latest
container_name: arr-suite-prowlarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/prowlarr:/config # database and Prowlarr configs
expose:
- 9696/tcp # web ui
ports:
- 9696:9696/tcp # web ui
restart: unless-stopped
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.prowlarr.rule=Host(`prowlarr.example.com`)
# - traefik.http.services.prowlarr.loadbalancer.server.port=9696
# # Optional part for traefik middlewares
# - traefik.http.routers.prowlarr.middlewares=local-ipwhitelist@file
# image used to scan for tv shows
sonarr:
image: linuxserver/sonarr:latest
container_name: arr-suite-sonarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/sonarr:/config # database and Radarr configs
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
expose:
- 8989/tcp # web ui
ports:
- 8989:8989/tcp # web ui
restart: unless-stopped
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.sonarr.rule=Host(`sonarr.example.com`)
# - traefik.http.services.sonarr.loadbalancer.server.port=8989
# # Optional part for traefik middlewares
# - traefik.http.routers.sonarr.middlewares=local-ipwhitelist@file
# image used to scan for movies
radarr:
image: linuxserver/radarr:latest
container_name: arr-suite-radarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/radarr:/config
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
expose:
- 7878/tcp # web ui
ports:
- 7878:7878/tcp # web ui
restart: unless-stopped
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.radarr.rule=Host(`radarr.example.com`)
# - traefik.http.services.radarr.loadbalancer.server.port=7878
# # Optional part for traefik middlewares
# - traefik.http.routers.radarr.middlewares=local-ipwhitelist@file
# image used to scan for music
lidarr:
image: linuxserver/lidarr:latest
container_name: arr-suite-lidarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/lidarr:/config
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
expose:
- 8686/tcp # web ui
ports:
- 8686:8686/tcp # web ui
restart: unless-stopped
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.lidarr.rule=Host(`lidarr.example.com`)
# - traefik.http.services.lidarr.loadbalancer.server.port=8686
# # Optional part for traefik middlewares
# - traefik.http.routers.lidarr.middlewares=local-ipwhitelist@file
# image used to scan for books
readarr:
image: linuxserver/readarr:develop
container_name: arr-suite-readarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/readarr:/config
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
expose:
- 8787/tcp # web ui
ports:
- 8787:8787/tcp # web ui
restart: unless-stopped
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.readarr.rule=Host(`readarr.example.com`)
# - traefik.http.services.readarr.loadbalancer.server.port=8787
# # Optional part for traefik middlewares
# - traefik.http.routers.readarr.middlewares=local-ipwhitelist@file
# image used to bypass cloudflare for prowlarr
flaresolverr:
image: flaresolverr/flaresolverr:latest
container_name: arr-suite-flaresolverr
environment:
- LOG_LEVEL=info
- LOG_HTML=false
- CAPTCHA_SOLVER=none
- TZ=Europe/Berlin
expose:
- 8191/tcp # listening port for selenium
restart: unless-stopped
#networks:
# - proxy
# image used for vpn killswitch network
gluetun:
image: qmcgaw/gluetun:latest
container_name: arr-suite-gluetun
cap_add:
- NET_ADMIN
ports:
- 8080:8080 # qbittorrent http web ui
environment:
# see https://github.com/qdm12/gluetun-wiki for more details
# example envs based on https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md
- VPN_SERVICE_PROVIDER=mullvad # define the vpn provider
- VPN_TYPE=wireguard # define the vpn protocol to use
- WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU= # define your wireguard private key here
- WIREGUARD_ADDRESSES=10.64.222.21/32 # define the ipv4 vpn network subnet here
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/gluetun:/gluetun
restart: unless-stopped
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.example.com`)
# - traefik.http.services.qbittorrent.loadbalancer.server.port=8080
# # Optional part for traefik middlewares
# - traefik.http.routers.qbittorrent.middlewares=local-ipwhitelist@file
# image used to download stuff; run over gluetun network (vpn killswitch)
qbittorrent:
image: linuxserver/qbittorrent:latest
container_name: arr-suite-qbittorrent
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- WEBUI_PORT=8080
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrent:/config
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads
depends_on:
- gluetun
network_mode: container:arr-suite-gluetun # use the gluetun container network (vpn killswitch)
restart: unless-stopped
# image used to manage media and stream it
emby:
image: linuxserver/emby:latest
container_name: arr-suite-emby
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby:/config # emby data storage location; can grow very large
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # media goes here
#- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby/lib:/opt/vc/lib # optional; path for Raspberry Pi OpenMAX libs
expose:
- 8096/tcp # http web ui
- 8920/tcp # https web ui
ports:
- 8096:8096/tcp # http web ui
#devices:
# - /dev/dri:/dev/dri #optional
# - /dev/vchiq:/dev/vchiq #optional
# - /dev/video10:/dev/video10 #optional
# - /dev/video11:/dev/video11 #optional
# - /dev/video12:/dev/video12 #optional
restart: unless-stopped
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.emby.rule=Host(`emby.example.com`)
# - traefik.http.services.emby.loadbalancer.server.port=8096
# # Optional part for traefik middlewares
# - traefik.http.routers.emby.middlewares=local-ipwhitelist@file
# image used to manage media and stream it
#jellyfin:
# image: linuxserver/jellyfin:latest
# container_name: arr-suite-jellyfin
# environment:
# - PUID=1000
# - PGID=1000
# - TZ=Europe/Berlin
# volumes:
# - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin:/config # emby data storage location; can grow very large
# - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # media goes here
# #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin/lib:/opt/vc/lib # optional; path for Raspberry Pi OpenMAX libs
# expose:
# - 8096/tcp # http web ui
# ports:
# - 8096:8096/tcp # http web ui
# #devices:
# # - /dev/dri:/dev/dri #optional
# # - /dev/vchiq:/dev/vchiq #optional
# # - /dev/video10:/dev/video10 #optional
# # - /dev/video11:/dev/video11 #optional
# # - /dev/video12:/dev/video12 #optional
# restart: unless-stopped
# #networks:
# # - proxy
# #labels:
# # - traefik.enable=true
# # - traefik.docker.network=proxy
# # - traefik.http.routers.jellyfin.rule=Host(`jellyfin.example.com`)
# # - traefik.http.services.jellyfin.loadbalancer.server.port=8096
# # # Optional part for traefik middlewares
# # - traefik.http.routers.jellyfin.middlewares=local-ipwhitelist@file
#networks:
# proxy:
# external: true
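Review bot: `WIREGUARD_PRIVATE_KEY` in the gluetun service carries a literal key; even as a sample it gets copied verbatim, and a private key is exactly what the `.env` substitution used elsewhere in this file exists for — `- WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY:?set in .env}` and likewise `- WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES:?set in .env}`. The volume comment on the sonarr config mount says `database and Radarr configs`, copied from the radarr service; it should read `database and Sonarr configs`. Because qbittorrent joins gluetun's network namespace through `network_mode: container:arr-suite-gluetun`, recreating the gluetun container presumably leaves qbittorrent bound to the old namespace until it is recreated too; a comment on that line, `# recreate qbittorrent whenever gluetun is recreated, or it loses its network`, would save the first hour of debugging.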


@ -0,0 +1,23 @@
# References
- https://github.com/authelia/authelia
- https://www.youtube.com/watch?v=u6H-Qwf4nZA&t=1314s
- https://docs.technotim.live/posts/authelia-traefik/
# Notes
You have to put the configuration files from the directory `config` here to your Docker volume bind mount.
The do the following:
1. Adjust the configuration.yml to your needs. Especially replace exmaple.com with your own domain name. Add all your to be protected subdomains to the access_control area. Replace all secrets with your secure strings (may use `openssl rand -base64 35` to generate a secure, random string).
2. Adjust users_database.yml and add your user accounts. You can create new password hashes via `docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password 'ExamplePassword'`
3. Finally, add authelia as middleware for each container to protect. I recommend using labels. Note that authelia should always be listed first.
````
labels:
- traefik.enable=true
- traefik.http.routers.protected-service.middlewares=authelia@docker,local-ipwhitelist@file
````
**Note**: You can also add Authelia as file provider middleware. See [here](../traefik/fileConfig.yml) for an example Traefik dynamic configuration file. Afterwards, you can use the file provider `authelia@file` instead or besides of `authelia@docker`.


@ -0,0 +1,176 @@
---
###############################################################
# Authelia configuration #
###############################################################
server:
address: 'tcp://:9091/'
log:
level: debug
theme: dark
identity_validation:
reset_password:
jwt_secret: unsecure_jwt_secret
totp:
issuer: authelia.com
# duo_api:
# hostname: api-123456789.example.com
# integration_key: ABCDEF
# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
# secret_key: 1234567890abcdefghifjkl
password_policy:
standard:
enabled: true
min_length: 16
max_length: 0
require_uppercase: true
require_lowercase: true
require_number: true
require_special: true
authentication_backend:
file:
path: /config/users_database.yml
password:
algorithm: argon2id
iterations: 1
salt_length: 16
parallelism: 8
memory: 64
access_control:
default_policy: deny
rules:
# Rules applied to everyone
# chose from bypass, one_factor and two_factor
- domain: public.example.com
policy: bypass
- domain: subdomain1.example.com
policy: one_factor
- domain: subdomain2.example.com
policy: two_factor
subject:
- "group:admins" # access restriction based on groups
session:
name: authelia_session
# This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
secret: unsecure_session_secret
expiration: 1h # 1 hour
inactivity: 5m # 5 minutes
cookies:
- domain: example.com
authelia_url: 'https://example.com'
default_redirection_url: 'https://www.example.com' # must be diffent to authelia_url
redis:
host: authelia-redis
port: 6379
# This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
password: SuperSecureRedisAuthPassword # must be the same as in the docker-compose.yml defined for the redis service
regulation:
max_retries: 3
find_time: 120
ban_time: 300
# yubikey support
webauthn:
disable: false
display_name: Authelia
attestation_conveyance_preference: indirect
user_verification: preferred
timeout: 60s
storage:
encryption_key: a_very_important_secret # Now required
local:
path: /config/db.sqlite3
notifier:
# smtp:
# username: test
# # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
# password: password
# host: smtp.gmail.com
# port: 465
# sender: "MySender <admin@example.com>"
filesystem:
filename: /config/notifications.txt
#identity_providers:
# oidc:
# hmac_secret: 'a-very-secure-hmac-secret'
# jwks:
# - key_id: 'authelia'
# algorithm: 'RS256'
# use: 'sig'
# certificate_chain: |
# -----BEGIN CERTIFICATE-----
# <PUBLIC-KEY-DATA-COMES-HERE>
# -----END CERTIFICATE-----
# key: |
# -----BEGIN PRIVATE KEY-----
# <PRIVATE-KEY-DATA-COMES-HERE>
# -----END PRIVATE KEY-----
# enable_client_debug_messages: false
# minimum_parameter_entropy: 8
# enforce_pkce: 'public_clients_only'
# enable_pkce_plain_challenge: false
# enable_jwt_access_token_stateless_introspection: false
# discovery_signed_response_alg: 'none'
# discovery_signed_response_key_id: ''
# require_pushed_authorization_requests: false
# lifespans:
# access_token: '1h'
# authorize_code: '1m'
# id_token: '1h'
# refresh_token: '90m'
# cors:
# endpoints:
# - 'authorization'
# - 'token'
# - 'revocation'
# - 'introspection'
# allowed_origins:
# - 'https://immich.example.com'
# allowed_origins_from_client_redirect_uris: false
# clients:
# - client_id: immich
# client_name: Immich OIDC
# client_secret: 'a-very-secure-client-secret'
# public: false
# authorization_policy: one_factor # may use two_factor to enforce 2FA
# consent_mode: explicit
# token_endpoint_auth_method: "client_secret_basic"
# pre_configured_consent_duration: 1w
# scopes:
# - openid
# - groups
# - email
# - profile
# redirect_uris: # adjust to your domains
# - https://authelia.example.com/
# - https://authelia.example.com/oauth2/callback
# - https://immich.example.com/oauth2/callback
# - https://immich.example.com/auth/login
# - https://immich.example.com/user-settings
# - https://immich.example.com
# - app.immich:/
# - https://immich.example.com/api/oauth/mobile-redirect
# grant_types:
# - refresh_token
# - authorization_code
# response_types:
# - code
# response_modes:
# - form_post
# - query
# - fragment
...
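Review bot: `log.level: debug` is the shipped default for an authentication gateway whose other settings are production-minded (`default_policy: deny`, a 16-character password policy); debug output from an auth service tends to record request details that do not belong in long-lived logs, so `level: info` is the safer starting point. The literals `jwt_secret`, `session.secret`, `redis.password` and `storage.encryption_key` are placeholders by name, and the file already points at the `AUTHELIA_*_FILE` variables in comments; a header line at the top, `# every *_secret / encryption_key / password below is a placeholder — replace it or inject via the AUTHELIA_*_FILE variables before first start`, states that contract before someone copies the file. The comment on `default_redirection_url` reads `must be diffent to authelia_url`; `different`.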


@ -0,0 +1,19 @@
---
###############################################################
# Users Database #
###############################################################
# This file can be used if you do not have an LDAP set up.
# List of users
users:
yourUsername: # define here your username
disabled: false
displayname: "My Authelia User"
# Password is authelia
password: "$argon2id$v=19$m=65536,t=3,p=4$mTOaOa3MOexX7JQ02BdXzw$OzAxTnSPEnahQgIi+y4QPP5/xYIQ8uEWDYW+vlupeTM" # generate a secure hash with: $ docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'password'
email: authelia@example.com
groups:
- admins
- dev
...
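Review bot: The sample user is enabled (`disabled: false`), belongs to `admins` — the group the configuration's `two_factor` rule trusts — and its password is stated in the comment above the hash, so a deployment that skips step 2 of the README starts with a publicly known admin login. Shipping it as `disabled: true` with `# enable after replacing the hash` keeps the quick start usable without that default. The generation command in the trailing comment lacks `--rm`, unlike the README's; `docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password 'password'` avoids leaving a stopped container behind.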


@ -0,0 +1,40 @@
version: '3.3'
services:
authelia:
image: authelia/authelia
container_name: authelia
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/config:/config
networks:
- proxy
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)' # replace with your domain name
- 'traefik.http.routers.authelia.entrypoints=https'
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com' # replace with your domain name
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
expose:
- 9091
restart: unless-stopped
environment:
- TZ=Europe/Berlin
redis:
image: redis:alpine
container_name: authelia-redis
command: redis-server --requirepass SuperSecureRedisAuthPassword # also reflect this in the authelia config file
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/redis:/data
networks:
- proxy
expose:
- 6379
restart: unless-stopped
environment:
- TZ=Europe/Berlin
networks:
proxy:
external: true
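Review bot: The redis service sits on the shared `proxy` network, so every container fronted by Traefik can reach the session store on 6379 with nothing but the literal `SuperSecureRedisAuthPassword` in its way; a dedicated internal network for the two services, as the authentik example in this commit does with `authentik-internal`, keeps redis reachable from authelia alone. That password is also duplicated between this `command:` line and configuration.yml, so `command: redis-server --requirepass ${AUTHELIA_REDIS_PASSWORD:?set in .env}` paired with the `AUTHELIA_SESSION_REDIS_PASSWORD_FILE` route the configuration comment mentions removes the drift. `image: authelia/authelia` is untagged, so any pull may land on a release whose configuration schema differs from this file; pin a version tag as the authentik example does with `${AUTHENTIK_VERSION:-2024.8}`.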

12
examples/authentik/.env Normal file
View file

@ -0,0 +1,12 @@
# define the version to use
AUTHENTIK_VERSION=2024.8
# database credentials
PG_USER=authentik
PG_DB=authentik
# generate via: pwgen -s 40 1
PG_PASS=7jFjT4pUyf0YOlQ84LrO6JdLVWpzKEGiEMtdVwBE
# generate via: pwgen -s 50 1
AUTHENTIK_SECRET_KEY=YZRzXecsKQVEJ3Lr5uoKRGXZkETsYjUDT1qtQ28JjzWzDYvcoG
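Review bot: `PG_PASS` and `AUTHENTIK_SECRET_KEY` are concrete values committed to a public repository, so they are known to anyone and must be regenerated on every copy, not merely "adjusted" as the README puts it; the pwgen comments above them are good, but a value that looks real invites leaving it in place. I would ship obvious placeholders instead, e.g. `PG_PASS=CHANGEME` and `AUTHENTIK_SECRET_KEY=CHANGEME`, so a forgotten edit is visible at a glance. Note also that the compose file passes this whole file via `env_file` to the postgresql, authentik-proxy and worker containers, which puts `AUTHENTIK_SECRET_KEY` (used for cookie signing, per the authentik docs) into the PostgreSQL container's environment where it has no purpose.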


@ -0,0 +1,30 @@
# References
- https://goauthentik.io/docs/installation/
- https://blog.lrvt.de/authentik-traefik-azure-ad/
# Notes
Start by creating a new Docker network for separation:
````
docker network create authentik-internal
````
Then adjust the `.env` file with your private secrets and spawn up the stack:
````
docker compose up -d
````
After spawning up the Authentik stack, you will be greeted by Authentik's login dashboard. However, you have to onboard an admin user first.
This is done by visiting the following URL:
````
# with TLS reverse proxy
https://<hostname>/if/flow/initial-setup/
# without TLS reverse proxy
https://<hostname>:9000/if/flow/initial-setup/
````


@ -0,0 +1,109 @@
version: "3.4"
services:
postgresql:
image: docker.io/library/postgres:16-alpine
container_name: authentik-psql
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/psql:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${PG_PASS:-authentik}
POSTGRES_USER: ${PG_USER:-authentik}
POSTGRES_DB: ${PG_DB:-authentik}
env_file:
- .env
networks:
- authentik-internal
redis:
image: docker.io/library/redis:alpine
container_name: authentik-redis
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/redis:/data
networks:
- authentik-internal
authentik-proxy:
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.8}
container_name: authentik
restart: unless-stopped
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:-authentik}
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-authentiksupersecretkey}
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/media:/media
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/custom-templates:/templates
ports:
- 9000
expose:
- 9000
- 9443
env_file:
- .env
depends_on:
- postgresql
- redis
networks:
- proxy
- authentik-internal
#labels:
# - traefik.enable=true
# - traefik.http.routers.authentik.rule=Host(`authentik.example.com`) || HostRegexp(`{subdomain:[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?}.example.com`) && PathPrefix(`/outpost.goauthentik.io/`)
# - traefik.http.services.authentik.loadbalancer.server.port=9000
# - traefik.docker.network=proxy
# - traefik.http.middlewares.authentik.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik
# - traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true
# - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
worker:
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.8}
container_name: authentik-worker
restart: unless-stopped
command: worker
user: root
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:-authentik}
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-authentiksupersecretkey}
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/certs:/certs
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/media:/media
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/custom-templates:/templates
env_file:
- .env
depends_on:
- postgresql
- redis
networks:
- proxy
- authentik-internal
networks:
proxy:
external: true
authentik-internal:
internal: true
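Review bot: Every credential in this file falls back to a weak, published default when its variable is unset (`${PG_PASS:-authentik}` and `${AUTHENTIK_SECRET_KEY:-authentiksupersecretkey}` in the postgresql, authentik-proxy and worker services), so a missing or misnamed `.env` silently yields a working stack with known secrets. Compose's required-variable form fails fast instead: `AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:?set PG_PASS in .env}` and `AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?set AUTHENTIK_SECRET_KEY in .env}`, with the same form on `POSTGRES_PASSWORD`. Two smaller items: `ports: - 9000` on authentik-proxy publishes 9000 on a random host port on all interfaces, which looks unintended next to the Traefik labels (write `127.0.0.1:9000:9000` or drop it), and `user: root` on the worker is, as far as I recall from the authentik docs, only needed when the Docker socket is mounted for outposts, which this file does not do.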


@ -0,0 +1,4 @@
# References
- https://hub.docker.com/r/schklom/bibliogram
- https://git.sr.ht/~cadence/bibliogram-docs/tree/master/docs/Configuring.md#files


@ -0,0 +1,3 @@
module.exports = {
website_origin: "https://mydomain.net"
}


@ -0,0 +1,23 @@
version: '3.4'
services:
bibliogram:
image: schklom/bibliogram
container_name: bibliogram
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bibliogram/config.js:/app/config.js:ro
ports:
- 10407:10407
restart: unless-stopped
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.bibliogram.rule=Host(`bibliogram.example.com`)
# - traefik.http.services.bibliogram.loadbalancer.server.port=10407
# # Optional part for traefik middlewares
# - traefik.http.routers.bibliogram.middlewares=local-ipwhitelist@file,authelia@docker
#networks:
# proxy:
# external: true


@ -0,0 +1,7 @@
# References
- https://bitwarden.com/help/install-and-deploy-unified-beta/
# Note
Does not work with MariaDB at the moment. See https://github.com/bitwarden/server/issues/2718


@ -0,0 +1,49 @@
version: "3.8"
services:
bitwarden:
image: bitwarden/self-host:2024.8.0-beta
container_name: bitwarden_unified
restart: always
depends_on:
- db
env_file:
- settings.env
ports:
- "8888:8080"
expose:
- 8080
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bitwarden-unified/data:/etc/bitwarden
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bitwarden-unified/data/logs:/var/log/bitwarden
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.bitwarden.rule=Host(`bitwarden.example.com`)
# - traefik.http.services.bitwarden.loadbalancer.server.port=8080
# # Optional part for file upload max sizes
# - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
# # Optional part for traefik middlewares
# - traefik.http.routers.bitwarden.middlewares=local-ipwhitelist@file
db:
image: postgres:alpine3.18
container_name: bitwarden_unified_db
restart: always
environment:
POSTGRES_USER: "bitwarden"
POSTGRES_PASSWORD: "super_strong_password"
POSTGRES_DB: "bitwarden_vault"
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bitwarden-unified/psql:/var/lib/postgresql/data
#networks:
# - proxy
#networks:
# proxy:
# external: true
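Review bot: The database password is hard-coded twice with nothing tying the copies together: `POSTGRES_PASSWORD: "super_strong_password"` on `db` here and `BW_DB_PASSWORD` in `settings.env`, so editing one and not the other leaves Bitwarden unable to connect; the same duplicated-literal pattern appears in the bookstack (`DB_PASS`/`MYSQL_PASSWORD`), docmost (`DATABASE_URL`/`POSTGRES_PASSWORD`) and domainmod (`DOMAINMOD_PASSWORD`/`MYSQL_PASSWORD`) files of this commit. Sourcing the value once, `POSTGRES_PASSWORD: ${BW_DB_PASSWORD:?}`, and — where the Compose version in use interpolates `${VAR}` inside env files — `BW_DB_PASSWORD=${BW_DB_PASSWORD}` in settings.env keeps both in sync from a single `.env`. The commented `networks: - proxy` block on `db` would, if uncommented together with the app's, place PostgreSQL on the shared reverse-proxy network; the database only needs the project default network, so I would remove that block from `db`.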


@ -0,0 +1,61 @@
#####################
# Required Settings #
#####################
# Server hostname
BW_DOMAIN=bitwarden.example.com
# Database
# Available providers are sqlserver, postgresql, or mysql/mariadb
BW_DB_PROVIDER=postgresql
BW_DB_SERVER=db
BW_DB_DATABASE=bitwarden_vault
BW_DB_USERNAME=bitwarden
BW_DB_PASSWORD=super_strong_password
# Installation information
# Get your ID and key from https://bitwarden.com/host/
BW_INSTALLATION_ID=xxxxxxxx-xxxxxxxx-xxxxxxxxx-xxxxxxxxxxx # change this !!!
BW_INSTALLATION_KEY=MyInstallationkey # change this !!!
#####################
# Optional Settings #
#####################
# Learn more here: https://bitwarden.com/help/environment-variables/
# SSL
#BW_ENABLE_SSL=true
#BW_ENABLE_SSL_CA=true
#BW_SSL_CERT=ssl.crt
#BW_SSL_KEY=ssl.key
#BW_SSL_CA_CERT=ca.crt
# Services
# Some services, namely for enterprise use cases, are disabled by default. Defaults shown below.
#BW_ENABLE_ADMIN=true
#BW_ENABLE_API=true
#BW_ENABLE_EVENTS=false
#BW_ENABLE_ICONS=true
#BW_ENABLE_IDENTITY=true
#BW_ENABLE_NOTIFICATIONS=true
#BW_ENABLE_SCIM=false
#BW_ENABLE_SSO=false
#BW_ICONS_PROXY_TO_CLOUD=false
# Mail
#globalSettings__mail__replyToEmail=noreply@$BW_DOMAIN
#globalSettings__mail__smtp__host=smtphost.example.com
#globalSettings__mail__smtp__port=587
#globalSettings__mail__smtp__ssl=false
#globalSettings__mail__smtp__username=smtpusername
#globalSettings__mail__smtp__password=smtppassword
# Yubikey
#globalSettings__yubico__clientId=REPLACE
#globalSettings__yubico__key=REPLACE
# Other
#globalSettings__disableUserRegistration=true
#globalSettings__hibpApiKey=REPLACE
#adminSettings__admins="admin1@email.com,admin2@email.com"
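Review bot: `BW_INSTALLATION_ID` and `BW_INSTALLATION_KEY` carry trailing `# change this !!!` comments on the value line; Compose v2 treats a `#` preceded by a space in an unquoted value as a comment, but other env-file readers keep everything after `=` as the value, so the portable form is the comment on its own line above the key, as the rest of this file already does. `BW_DB_PASSWORD=super_strong_password` must also match `POSTGRES_PASSWORD` in docker-compose.yml; a marker here, `# CHANGEME: keep in sync with POSTGRES_PASSWORD in docker-compose.yml`, makes that coupling visible to whoever edits this file.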


@ -0,0 +1,3 @@
# References
- https://github.com/linuxserver/docker-bookstack


@ -0,0 +1,58 @@
version: "3"
services:
bookstack:
image: linuxserver/bookstack
container_name: bookstack
hostname: bookstack
environment:
- PUID=1000
- PGID=1000
- APP_URL=http://127.0.0.1:8099 # change this to your prod url with https
- DB_HOST=bookstack_db
- DB_USER=bookstack
- DB_PASS=USERPW1
- DB_DATABASE=bookstackapp
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bookstack/config:/config
restart: unless-stopped
ports:
- 8099:80
depends_on:
- bookstack_db
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.bookstack.rule=Host(`bookstack.example.com`)
# - traefik.http.services.bookstack.loadbalancer.server.port=80
# # Optional part for file upload max sizes
# - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
# # Optional part for traefik middlewares
# - traefik.http.routers.bookstack.middlewares=local-ipwhitelist@file,authelia@docker
bookstack_db:
image: linuxserver/mariadb
container_name: bookstack_db
hostname: bookstack_db
environment:
- PUID=1000
- PGID=1000
- MYSQL_ROOT_PASSWORD=ROOTPW
- TZ=Europe/Berlin
- MYSQL_DATABASE=bookstackapp
- MYSQL_USER=bookstack
- MYSQL_PASSWORD=USERPW1
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bookstack/mariadb-config:/config
restart: unless-stopped
#networks:
# - proxy
#networks:
# proxy:
# external: true

4
examples/caddy/CaddyFile Normal file

@ -0,0 +1,4 @@
service.example.com {
encode zstd gzip
reverse_proxy nginx:80
}
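Review bot: `reverse_proxy nginx:80` names an upstream that nothing in this stack defines: the caddy docker-compose.yml in this commit declares only the `caddy` service and no `networks`, so the container sits on the project's default network and cannot resolve `nginx` unless that service is added to the same project or both are attached to a shared network such as the `proxy` network the other examples use. Either way the file should say what is expected, e.g. `# upstream must be a service reachable on Caddy's Docker network; adjust name and port`. The site address `service.example.com` is also a placeholder for which Caddy will, as far as I recall, attempt ACME issuance on first start, so it deserves a CHANGEME marker.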

3
examples/caddy/README.md Normal file

@ -0,0 +1,3 @@
# References
- https://github.com/caddyserver/caddy


@ -0,0 +1,15 @@
version: "3.7"
services:
caddy:
image: caddy:latest
container_name: caddy
restart: unless-stopped
environment:
- TZ=Europe/Berlin
ports:
- "80:80"
- "443:443"
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/caddy/CaddyFile:/etc/caddy/Caddyfile
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/caddy/data:/data
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/caddy/config:/config
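Review bot: The first volume entry bind-mounts a single file, `…/caddy/CaddyFile`, onto `/etc/caddy/Caddyfile`; if that host path does not exist when the stack first starts, Docker creates it as an empty directory, Caddy then fails to read its configuration, and the stray directory has to be removed by hand. Either document the precondition, `# CaddyFile must exist on the host before first start; a missing path becomes a directory`, or mount the directory, `…/caddy:/etc/caddy`. Separately, only TCP 80/443 are published; recent Caddy versions enable HTTP/3 by default, which needs `"443:443/udp"` as well — fine to omit if HTTP/3 is not wanted, but worth a comment.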


@ -0,0 +1,3 @@
# References
- https://github.com/linuxserver/docker-changedetection.io


@ -0,0 +1,27 @@
version: "2.1"
services:
changedetection:
image: lscr.io/linuxserver/changedetection.io:latest
container_name: changedetection
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/changedetection/config:/config
ports:
- 5000:5000
restart: unless-stopped
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.http.routers.changedetection.rule=Host(`changedetection.example.com`)
# - traefik.http.services.changedetection.loadbalancer.server.port=5000
# - traefik.docker.network=proxy
# # Part for local lan services only; disable to expose externally
# - traefik.http.routers.changedetection.middlewares=local-ipwhitelist@file,basic-auth@file
#networks:
# proxy:
# external: true
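Review bot: `ports: - 5000:5000` publishes changedetection on every host interface while nothing in this file configures a login, so the service is reachable from the LAN unauthenticated unless the commented `basic-auth@file` middleware is enabled; the same all-interfaces publish appears on services in this commit that ship with documented default or client-side-only credentials (cs2-rconpanel `3000:3000`, dashy `4000:80`, filebrowser `8080:8080`, code-server `8443:8443`). When a reverse proxy is the intended entry point, bind the host side to loopback, `- 127.0.0.1:5000:5000`, so only the proxy or an SSH tunnel reaches the container, and drop the publish entirely once the `proxy` network and labels are in use, since Traefik does not need a published port.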


@ -0,0 +1,31 @@
# References
- https://github.com/chevereto/chevereto
# Notes
If you want to use bind mounts instead of Docker volumes, you can do so.
However, the container will report back permission errors for the path `/var/www/html/images/_assets/`. Something like:
````
chevereto | Exception thrown in /var/www/html/app/src/Legacy/Classes/LocalStorage.php:45
chevereto |
chevereto | # Message [Code #600]
chevereto | Path /var/www/html/images/_assets/ is not writable
````
Those can only be solved by spawning a shell into the Docker container and fixing the permissions as follows:
````
# spawning shell into the docker container
docker exec -it chevereto bash
# fixing permissions to www-data
mkdir -p /var/www/html/images/_assets
chown -R www-data:www-data /var/www/html/images/*
chmod -R 777 /var/www/html/images/*
````
No container restart necessary. The web application should now work flawlessly.
Note: The permission issues only occur if bind mounts are used over Docker named volumes.


@ -0,0 +1,60 @@
version: "3.7"
services:
chevereto:
image: ghcr.io/chevereto/chevereto:4.0
container_name: chevereto
init: true
restart: unless-stopped
volumes:
- chevereto:/var/www/html/images
ports:
- 8999:80
expose:
- 80
environment:
CHEVERETO_DB_HOST: mariadb
CHEVERETO_DB_USER: chevereto
CHEVERETO_DB_PASS: chevereto
CHEVERETO_DB_PORT: 3306
CHEVERETO_DB_NAME: chevereto
CHEVERETO_ASSET_STORAGE_TYPE: local
CHEVERETO_ASSET_STORAGE_URL: /images/_assets
CHEVERETO_ASSET_STORAGE_BUCKET: /var/www/html/images/_assets
# only enable the next env if chevereto is run behind a reverse proxy
# adjust to the corresponding http header of your reverse proxy, where a user's real IP is propagated
# see https://github.com/chevereto/chevereto/issues/44
#CHEVERETO_HEADER_CLIENT_IP: X-Forwarded-For
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.http.routers.chevereto.rule=Host(`chevereto.example.com`)
# - traefik.http.services.chevereto.loadbalancer.server.port=80
# - traefik.docker.network=proxy
# # Part for local lan services only
# - traefik.http.routers.chevereto.middlewares=authentik@docker
mariadb:
image: mariadb
container_name: chevereto_mariadb
restart: unless-stopped
init: true
environment:
MYSQL_DATABASE: chevereto
MYSQL_USER: chevereto
MYSQL_PASSWORD: chevereto
MARIADB_ROOT_PASSWORD: chevereto
volumes:
- chevereto_mariadb:/var/lib/mysql
#networks:
# - proxy
# volumes are recommended due to weird www-data permission in chevereto container
volumes:
chevereto: {}
chevereto_mariadb: {}
#networks:
# proxy:
# external: true
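Review bot: `MARIADB_ROOT_PASSWORD: chevereto` reuses the application user's `MYSQL_PASSWORD`, so the placeholder credential also unlocks the database superuser, which the app never needs; give root its own value or, if root access is never used, `MARIADB_RANDOM_ROOT_PASSWORD: "yes"`, and mark all four `chevereto` literals CHANGEME. `image: mariadb` is untagged, so a pull can move the database engine across major versions under the data volume; pin a major (`mariadb:11` or similar) as the chevereto image already is. `CHEVERETO_DB_PORT: 3306` is an integer in map-style `environment`, which Compose stringifies, so it works but reads more uniformly as `"3306"`.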


@ -0,0 +1,3 @@
# References
- https://github.com/favonia/cloudflare-ddns


@ -0,0 +1,19 @@
version: "3"
services:
cloudflare-ddns:
image: favonia/cloudflare-ddns:latest
container_name: cloudflare-ddns
#network_mode: host
restart: always
user: "1000:1000"
cap_drop:
- all
read_only: true
security_opt:
- no-new-privileges:true
environment:
- CF_API_TOKEN=YOUR-CLOUDFLARE-API-TOKEN # pls adjust
- DOMAINS=example.org,www.example.org,example.io # pls adjust; a list of fully qualified domain names separated by commas
- PROXIED=false # if true, instructs Cloudflare to cache webpages on your machine and hide its actual IP addresses
- TZ=Europe/Berlin
- IP6_PROVIDER=none # disbale IPv6
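Review bot: `CF_API_TOKEN=YOUR-CLOUDFLARE-API-TOKEN` places the stack's only real secret directly in the compose file, the file most likely to be committed or shared; the other examples in this commit use `.env` interpolation, so `- CF_API_TOKEN=${CF_API_TOKEN:?set in .env}` keeps it out of the YAML and fails fast when missing. A comment that the token should be scoped to DNS edit rights on the listed zones only would limit the impact of a leak. The hardening on this service (`cap_drop`, `read_only`, `no-new-privileges`, non-root `user`) is a good template for the other examples; minor typo on the last line, `disbale` → `disable`.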


@ -0,0 +1,3 @@
# References
- https://github.com/linuxserver/docker-code-server


@ -0,0 +1,39 @@
version: "2.1"
services:
code-server:
image: lscr.io/linuxserver/code-server:latest
container_name: code-server
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- PASSWORD=MyStrongLoginPassword
- SUDO_PASSWORD=MyOptionalStrongSudoPassword #optional
#- SUDO_PASSWORD_HASH= #optional
- PROXY_DOMAIN=vscode.example.com #optional
- DEFAULT_WORKSPACE=/config/workspace #optional
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vscode/config:/config
ports:
- 8443:8443
restart: unless-stopped
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.codeserver.rule=Host(`code.example.com`)
# - traefik.http.services.codeserver.loadbalancer.server.port=8443
# # Optional part for file upload max sizes
# - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
# # Optional part for traefik middlewares
# - traefik.http.routers.codeserver.middlewares=local-ipwhitelist@file,authelia@docker
#networks:
# proxy:
# external: true
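Review bot: `PASSWORD` and `SUDO_PASSWORD` are stored in clear text although the file already shows the hashed alternative `SUDO_PASSWORD_HASH` (commented out) and the linuxserver image accepts `HASHED_PASSWORD` for the login as well; prefer the hashed variants, `- HASHED_PASSWORD=<hash>` and `- SUDO_PASSWORD_HASH=<hash>`, with the values taken from `.env`. A code-server login is an interactive shell in the container and, with `SUDO_PASSWORD` set, root there, so this is one of the services where the commented `authelia@docker` / allowlist middlewares should be treated as required rather than optional before the port is reachable beyond localhost.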


@ -0,0 +1,14 @@
# References
- https://github.com/joedwards32/CS2
- https://github.com/shobhit-pathak/cs2-rcon-panel
# Notes
Minimum system requirements are:
- 2 CPUs
- 2 GiB RAM
- 40 GB of disk space for the container or mounted as a persistent volume on /home/steam/cs2-dedicated/
Default login for the rcon panel is `cspanel:v67ic55x4ghvjfj`.


@ -0,0 +1,53 @@
version: '3.7'
services:
cs2-server:
image: joedwards32/cs2
container_name: cs2-dedicated-server
restart: unless-stopped
environment:
# Server configuration
- SRCDS_TOKEN=<YOUR-GAME-SERVER-TOKEN> # Game Server Token from https://steamcommunity.com/dev/managegameservers
- CS2_SERVERNAME=MY-CS2-SERVER # (Set the visible name for your private server)
- CS2_CHEATS=0 # (0 - disable cheats, 1 - enable cheats)
- CS2_PORT=27015 # (CS2 server listen port tcp_udp)
- CS2_SERVER_HIBERNATE=0 # (Put server in a low CPU state when there are no players. 0 - hibernation disabled, 1 - hibernation enabled)
- CS2_LAN=0 # (0 - LAN mode disabled, 1 - LAN Mode enabled)
- CS2_RCONPW=cruelly-sequel-dejected # (RCON password)
- CS2_PW=sake-earthly-lair # (CS2 server password)
- CS2_MAXPLAYERS=10 # (Max players)
# Game modes
- CS2_GAMEALIAS=competitive # (Game type, e.g. casual, competitive, deathmatch. See https://developer.valvesoftware.com/wiki/Counter-Strike_2/Dedicated_Servers)
- CS2_GAMETYPE=0 # (Used if CS2_GAMEALIAS not defined. See https://developer.valvesoftware.com/wiki/Counter-Strike_2/Dedicated_Servers)
- CS2_GAMEMODE=1 # (Used if CS2_GAMEALIAS not defined. See https://developer.valvesoftware.com/wiki/Counter-Strike_2/Dedicated_Servers)
- CS2_MAPGROUP=mg_active # (Map pool)
- CS2_STARTMAP=de_dust2 # (Start map)
# Bots
- CS2_BOT_DIFFICULTY=0 # (0 - easy, 1 - normal, 2 - hard, 3 - expert)
- CS2_BOT_QUOTA=0 # (Number of bots)
- CS2_BOT_QUOTA_MODE=competitive # (fill, competitive)
# TV
- TV_AUTORECORD=0 # Automatically records all games as CSTV demos: 0=off, 1=on.
- TV_ENABLE=0 # Activates CSTV on server: 0=off, 1=on.
- TV_PORT=27020 # Host SourceTV port
- TV_PW=changeme # CSTV password for clients
- TV_RELAY_PW=changeme # CSTV password for relay proxies
- TV_MAXRATE=0 # World snapshots to broadcast per second. Affects camera tickrate.
- TV_DELAY=0 # Max CSTV spectator bandwidth rate allowed, 0 == unlimited
volumes:
- cs2:/home/steam/cs2-dedicated/
ports:
- 27015:27015/tcp # TCP
- 27015:27015/udp # UDP
#- 27020:27020/udp # UDP
cs2-rconpanel:
image: soren90/rcon-panel
container_name: cs2-rcon-panel
ports:
- 3000:3000
restart: unless-stopped
volumes:
cs2:
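Review bot: The inline comments on `TV_MAXRATE` and `TV_DELAY` appear swapped: in Source TV terms `tv_maxrate` is the spectator bandwidth cap and `tv_delay` the broadcast delay in seconds, while "snapshots per second" describes `tv_snapshotrate`; I would write `- TV_MAXRATE=0 # Max CSTV spectator bandwidth rate allowed, 0 == unlimited` and `- TV_DELAY=0 # CSTV broadcast delay in seconds`. `CS2_RCONPW`, `CS2_PW`, `TV_PW` and `TV_RELAY_PW` are committed literals; since RCON grants full control of the server, pull them from `.env` (`${CS2_RCONPW:?}`) or at least mark them CHANGEME, and `SRCDS_TOKEN` likewise. `cs2-rconpanel` has no `depends_on`, `volumes` or `environment`, so it runs with whatever the image ships, including the default login the README documents.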

10
examples/dashy/README.md Normal file

@ -0,0 +1,10 @@
# References
- https://github.com/Lissy93/dashy
# Notes
> [!CAUTION]
> Dashy's authentication happens on the client side only, which can be easily bypassed by an attacker. It is not recommended to expose Dashy, as it is not considered secure.
>
> More information [here](https://subract.dev/posts/dashy/)


@ -0,0 +1,23 @@
---
version: "3.8"
services:
dashy:
container_name: dashy
hostname: dashy
image: lissy93/dashy
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/dashy/config/config.yml:/app/public/conf.yml
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/dashy/icons:/app/public/item-icons
environment:
- NODE_ENV=production
- UID=1000
- GID=1000
restart: unless-stopped
ports:
- 4000:80
healthcheck:
test: ['CMD', 'node', '/app/services/healthcheck']
interval: 1m30s
timeout: 10s
retries: 3
start_period: 40s


@ -0,0 +1,3 @@
# References
- https://gitlab.com/Bockiii/deemix-docker


@ -0,0 +1,31 @@
version: "3"
services:
deemix:
container_name: deemix
environment:
- PUID=1000
- PGID=1000
hostname: deemix
image: registry.gitlab.com/bockiii/deemix-docker:latest
restart: unless-stopped
ports:
- 6595:6595
expose:
- 6595
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/deemix/config:/config
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/deemix/downloads:/downloads
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.deemix.rule=Host(`deemix.example.com`)
# - traefik.http.services.deemix.loadbalancer.server.port=6595
# # Optional part for traefik middlewares
# - traefik.http.routers.deemix.middlewares=local-ipwhitelist@file,authelia@docker
#networks:
# proxy:
# external: true


@ -0,0 +1,7 @@
# References
- https://github.com/docmost/docmost
# Notes
Ensure to adjust the `APP_URL` environment variable to your domain name with correct protocol (http or https) if you use a reverse proxy.


@ -0,0 +1,72 @@
version: '3'
services:
docmost:
image: docmost/docmost:0.2.10
container_name: docmost
depends_on:
- db
- redis
environment:
- APP_URL=http://127.0.0.1:3000
- APP_SECRET=A_VERY_SECURE_STRING
- DATABASE_URL=postgresql://docmost:STRONG_DB_PASSWORD@db:5432/docmost?schema=public
- REDIS_URL=redis://redis:6379
# --------- S3 Storage Configuration --------
#- STORAGE_DRIVER=s3 # 'local' is the default; if you use s3 then fill out below env variables
#- AWS_S3_ACCESS_KEY_ID=xxx # Your AWS S3 access key ID
#- AWS_S3_SECRET_ACCESS_KEY=xxx # Your AWS S3 secret access key
#- AWS_S3_REGION=xxx # The region where your S3 bucket is located
#- AWS_S3_BUCKET=xxx # The name of your S3 bucket
#- AWS_S3_ENDPOINT=xxx # The endpoint URL for your S3 service (optional)
# --------- Mail Configuration --------
#- MAIL_DRIVER=smtp
#- SMTP_HOST=smtp.gmail.com
#- SMTP_PORT=587
#- SMTP_USERNAME=smtpuser
#- SMTP_PASSWORD=smtppassword
#- MAIL_FROM_ADDRESS=hello@example.com
#- MAIL_FROM_NAME=Docmost
ports:
- 3000:3000
expose:
- 3000
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docmost/storage:/app/data/storage
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.docmost.rule=Host(`wiki.example.com`)
# - traefik.http.services.docmost.loadbalancer.server.port=3000
# # Optional part for traefik middlewares
# - traefik.http.routers.docmost.middlewares=local-ipwhitelist@file
db:
image: postgres:16-alpine
container_name: docmost-db
environment:
- POSTGRES_DB=docmost
- POSTGRES_USER=docmost
- POSTGRES_PASSWORD=STRONG_DB_PASSWORD
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docmost/database:/var/lib/postgresql/data
#networks:
# - proxy
redis:
image: redis:7.2-alpine
container_name: docmost-redis
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docmost/redis:/data
#networks:
# - proxy
#networks:
# proxy:
# external: true
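Review bot: `DATABASE_URL` embeds the database password in a URL, so once `STRONG_DB_PASSWORD` becomes a real value any `@`, `/`, `:` or `%` in it has to be percent-encoded there, while `POSTGRES_PASSWORD` on the `db` service takes it raw — an easy way to end up with two different passwords; a comment `# password must be URL-encoded here; keep in sync with POSTGRES_PASSWORD below` on the `DATABASE_URL` line prevents that. `APP_SECRET=A_VERY_SECURE_STRING` is a placeholder the stack will happily start with, so mark it CHANGEME and state how to generate it (I believe the docmost docs suggest `openssl rand -hex 32`). `REDIS_URL=redis://redis:6379` is unauthenticated, which is acceptable only while `redis` stays off the `proxy` network, so the commented `networks` block on that service should not be uncommented without adding a password.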


@ -0,0 +1,3 @@
# References
- https://github.com/docusealco/docuseal


@ -0,0 +1,52 @@
version: '3'
services:
app:
image: docuseal/docuseal:latest
container_name: docuseal
restart: unless-stopped
environment:
- DATABASE_URL=postgresql://postgres:postgres@postgres:5432/docuseal
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docuseal/data:/data
depends_on:
postgres:
condition: service_healthy
ports:
- 3000:3000
expose:
- 3000
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.docuseal.rule=Host(`docuseal.example.com`)
# - traefik.http.services.docuseal.loadbalancer.server.port=3000
# # Optional part for traefik middlewares
# - traefik.http.routers.docuseal.middlewares=local-ipwhitelist@file,authelia@docker
postgres:
image: postgres:15-alpine
container_name: docuseal-db
restart: unless-stopped
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
- POSTGRES_DB=docuseal
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docuseal/pg_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 5s
timeout: 5s
retries: 5
expose:
- 5432
#networks:
# - proxy
#networks:
# proxy:
# external: true
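Review bot: The application connects as the PostgreSQL superuser with the default password (`DATABASE_URL=postgresql://postgres:postgres@…` on `app`, `POSTGRES_USER`/`POSTGRES_PASSWORD` both `postgres` on `postgres`); the evershop file in this commit does the same (`DB_USER: postgres`, `DB_PASSWORD: postgres`). The port is only `expose`d, not published, but a guessable superuser password is still the first thing to fix on any copy: `POSTGRES_PASSWORD=${DOCUSEAL_DB_PASSWORD:?}` and the same variable inside `DATABASE_URL`, which also keeps the two copies in sync. The `depends_on` with `condition: service_healthy` plus the `pg_isready` healthcheck is the right startup pattern and worth copying to the other PostgreSQL-backed examples here.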


@ -0,0 +1,3 @@
# References
- https://github.com/domainmod/domainmod


@ -0,0 +1,40 @@
---
version: '3.7'
services:
app:
image: domainmod/domainmod:latest
container_name: domainmod_app
hostname: domainmod_app
depends_on:
- db
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- DOMAINMOD_WEB_ROOT=
- DOMAINMOD_DATABASE_HOST=db
- DOMAINMOD_DATABASE=domainmod
- DOMAINMOD_USER=domainmod
- DOMAINMOD_PASSWORD=password1
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/domainmod/app:/var/www/html
ports:
- 8080:80
restart: unless-stopped
db:
image: ghcr.io/linuxserver/mariadb:alpine
container_name: domainmod_db
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- MYSQL_DATABASE=domainmod
- MYSQL_USER=domainmod
- MYSQL_PASSWORD=password1
- MYSQL_ROOT_PASSWORD=password2
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/domainmod/database:/config
expose:
- 3306
restart: unless-stopped

3
examples/drone/README.md Normal file

@ -0,0 +1,3 @@
# References
- https://github.com/harness/drone


@ -0,0 +1,55 @@
version: "3.7"
services:
drone-server:
image: drone/drone:latest
container_name: drone-server
restart: unless-stopped
dns:
- 192.168.178.100 # specify your internal dns server for proper dns lookups; especially if you are using https and hostnames
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/drone/data:/var/lib/drone
#- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- DRONE_DEBUG=true
#- DRONE_ADMIN=droneadm
#- DRONE_USER_CREATE=username:droneadm,admin:true
- DRONE_SERVER_PORT=:80
- DRONE_DATABASE_DRIVER=sqlite3
- DRONE_GIT_ALWAYS_AUTH=false
- DRONE_GITEA_SERVER=https://git.domain.tld # change this to your gitea instance
- DRONE_RPC_SECRET=8aff725d2e16ef31fbc42
- DRONE_SERVER_HOST=drone.domain.tld # change this to your drone instance
- DRONE_HOST=https://drone.domain.tld # change this to your drone instance; adjust http/https
- DRONE_SERVER_PROTO=https # adjust http/https
- DRONE_TLS_AUTOCERT=false
- DRONE_AGENTS_ENABLED=true
- DRONE_GITEA_CLIENT_ID=XXX-XXX # change this to your client ID from Gitea; see https://docs.drone.io/server/provider/gitea/
- DRONE_GITEA_CLIENT_SECRET=XXX-XXX # change this to your client secret from Gitea; see https://docs.drone.io/server/provider/gitea/
networks:
- proxy
labels:
- traefik.enable=true
- traefik.http.routers.drone-server.rule=Host(`drone.domain.tld`)
- traefik.http.services.drone-server.loadbalancer.server.port=80
- traefik.docker.network=proxy
# Part for local lan services only; disable to expose externally
- traefik.http.routers.drone-server.middlewares=local-ipwhitelist@file
drone-agent:
image: drone/agent:1.2.1
command: agent
restart: unless-stopped
container_name: drone-agent
volumes:
- /var/run/docker.sock:/var/run/docker.sock # optional; necessary if you run docker runners and need access to docker socket
environment:
- DRONE_RPC_SERVER=http://drone-server:80
- DRONE_RPC_SECRET=8aff725d2e16ef31fbc42
- DRONE_RUNNER_CAPACITY=2
networks:
- proxy
networks:
proxy:
external: true
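Review bot: `drone-agent` mounts `/var/run/docker.sock` read-write (the commented mount on `drone-server` at least carries `:ro`), which makes the agent, and therefore every pipeline it executes, root-equivalent on the host; that is inherent to Docker runners, but the file should say so, because it means the `local-ipwhitelist@file` middleware and who is allowed to log in become the real security boundary. With `DRONE_ADMIN`/`DRONE_USER_CREATE` commented out no admin is defined at start; I would fill `DRONE_USER_CREATE` and, from memory of the Drone docs, set `DRONE_REGISTRATION_CLOSED=true` so only pre-created users can sign in. `DRONE_RPC_SECRET=8aff725d2e16ef31fbc42` is a committed literal repeated in both services; `${DRONE_RPC_SECRET:?}` in both places keeps them in sync and out of the file. Smaller items: `DRONE_DEBUG=true` is unconditional in an otherwise production-style config, and `drone/agent:1.2.1` is, as far as I recall, the legacy agent superseded by `drone-runner-docker`, so that line is worth re-checking.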


@ -0,0 +1,3 @@
# References
- https://github.com/silverwind/droppy (deprecated)


@ -0,0 +1,16 @@
version: '2'
services:
droppy:
container_name: droppy
image: silverwind/droppy
ports:
- 8989:8989
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/droppy/config:/config
- /path/to/my/data/for/sharing:/files # path to shared files
environment:
- UID=1000
- GID=1000
- TZ="Europe/Berlin"
restart: unless-stopped
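Review bot: `- TZ="Europe/Berlin"` is a plain YAML scalar in list-style `environment`, so the double quotes are part of the value and the container receives `TZ="Europe/Berlin"` with literal quotes, which the zone lookup will most likely not match; every other file in this commit writes `- TZ=Europe/Berlin`, and that is the fix here too. The README marks droppy as deprecated, and this service mounts host data read-write on `/files`, so a one-line comment next to that mount noting the project is unmaintained would help readers weigh the exposure.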


@ -0,0 +1,4 @@
# References
- https://hub.docker.com/r/saspus/duplicacy-web
- https://spin.atomicobject.com/2021/02/06/duplicacy-docker-image/


@ -0,0 +1,21 @@
---
version: '3.7'
services:
duplicacy-web:
container_name: duplicacy-web
hostname: myhost # pls adjust
image: saspus/duplicacy-web:mini
environment:
- USR_ID=1000 # user account id on the system
- GRP_ID=1000 # group id on the system
- TZ=Europe/Berlin
- DUPLICACY_WEB_VERSION=latest
ports:
- "3875:3875/tcp"
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicacy-web/config:/config
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicacy-web/logs:/logs
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicacy-web/cache:/cache
- /path/to/my/data/dir1:/data/dir1:ro # 1st path to your data for backup
- /path/to/my/data/dir2:/data/dir2:ro # 2nd path to your data for backup


@ -0,0 +1,3 @@
# References
- https://github.com/duplicati/duplicati


@ -0,0 +1,28 @@
version: "3"
services:
duplicati:
container_name: duplicati
entrypoint:
- /init
ports:
- 8200:8200 # MGMT UI
environment:
- PUID=0
- PGID=1000
- TZ=Europe/Berlin
hostname: duplicati
image: linuxserver/duplicati:latest
#labels:
# - com.centurylinklabs.watchtower.enable=false
# - traefik.enable=true
# - traefik.http.routers.duplicati.rule=Host(`duplicati.example.com`)
# - traefik.http.services.duplicati.loadbalancer.server.port=8200
# - traefik.docker.network=proxy
# # Part for local lan services only
# - traefik.http.routers.duplicati.middlewares=local-ipwhitelist@file
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/backups:/backups
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/config:/config
- /path/to/my/data/to/backup:/source # change this
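Review bot: The backup source `/path/to/my/data/to/backup:/source` is mounted read-write although Duplicati only reads it, and the service runs as root (`PUID=0`), so a bug or compromise in the container can alter the very data being protected; the duplicacy-web example in this commit mounts its sources `:ro`, and `- /path/to/my/data/to/backup:/source:ro` applies here equally. `PUID=0` is presumably chosen so the process can read files owned by arbitrary users — if so, a comment such as `# PUID=0 so every host file under /source is readable` stops readers from lowering it blindly, and if not, `1000` like the other linuxserver examples is the safer default. `entrypoint: - /init` repeats the linuxserver image's default entrypoint and can be dropped.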


@ -0,0 +1,18 @@
# References
- https://github.com/evershopcommerce/evershop
- https://evershop.io/docs/development/getting-started/installation-guide
# Notes
After spawning up the docker containers, the webshop will be available on http://127.0.0.1:3000.
You can access the admin dashboard at /admin. You must create a new admin user by Docker exec as follows:
````
# exec into the evershop container
docker exec -it evershop sh
# creating a new admin user
npm run user:create -- --email "myemail@example.com" --password "MySuperSecurePassword" --name "MyName"
````


@ -0,0 +1,48 @@
version: '3.8'
services:
app:
image: evershop/evershop:latest
container_name: evershop
restart: always
environment:
DB_HOST: database
DB_PORT: 5432
DB_PASSWORD: postgres
DB_USER: postgres
DB_NAME: postgres
depends_on:
- database
ports:
- 3000:3000
expose:
- 3000
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.evershop.rule=Host(`shop.example.com`)
# - traefik.http.services.evershop.loadbalancer.server.port=3000
# # Part for optional traefik middlewares
# - traefik.http.routers.evershop.middlewares=local-ipwhitelist@file,authelia@docker
database:
image: postgres:16
container_name: evershop-db
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/evershop/psqldata:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: postgres
POSTGRES_USER: postgres
POSTGRES_DB: postgres
expose:
- 5432
#networks:
# - proxy
#networks:
# proxy:
# external: true


@ -0,0 +1,10 @@
# References
- https://github.com/excalidraw/excalidraw
# Notes
Collaboration is not yet supported natively. You would have to also host an Excalidraw collaboration room:
- https://github.com/excalidraw/excalidraw-room
- https://github.com/excalidraw/excalidraw/issues/4993#issuecomment-1783669768


@ -0,0 +1,32 @@
version: "3.8"
services:
excalidraw:
container_name: excalidraw
image: excalidraw/excalidraw:latest
ports:
- "3000:80"
restart: unless-stopped
stdin_open: true
healthcheck:
disable: true
environment:
- NODE_ENV=production
#networks:
# - proxy
#volumes:
# - ./:/opt/node_app/app:delegated
# - ./package.json:/opt/node_app/package.json
# - ./yarn.lock:/opt/node_app/yarn.lock
# - notused:/opt/node_app/app/node_modules
#labels:
# - traefik.enable=true
# - traefik.http.routers.excalidraw.rule=Host(`draw.example.com`)
# - traefik.http.services.excalidraw.loadbalancer.server.port=80
# - traefik.docker.network=proxy
# # Part for local lan services only; disable to expose externally
# - traefik.http.routers.excalidraw.middlewares=local-ipwhitelist@file
#networks:
# proxy:
# external: true
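Review bot: The commented `volumes:` block under the excalidraw service mounts `./`, `./package.json` and `./yarn.lock` into the container, which is the upstream development layout for running from a source checkout and does not apply to the prebuilt `excalidraw/excalidraw:latest` image pulled here; anyone uncommenting it would overlay an empty host directory on the app. Either drop the block or mark it, e.g. `# dev-only: bind mounts for a source checkout, not for the prebuilt image`. `stdin_open: true` and `healthcheck: disable: true` also look inherited from the upstream file and deserve a one-line comment on why they are kept.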


@ -0,0 +1,6 @@
# References
- https://github.com/crazy-max/docker-fail2ban
- https://blog.lrvt.de/configuring-fail2ban-with-traefik/
- https://blog.lrvt.de/fail2ban-with-nginx-proxy-manager/
- https://github.com/l4rm4nd/F2BFilters


@ -0,0 +1,18 @@
version: "3"
services:
fail2ban:
container_name: fail2ban
cap_add:
- NET_ADMIN
- NET_RAW
environment:
- TZ=Europe/Berlin
- F2B_DB_PURGE_AGE=14d
image: crazymax/fail2ban:latest
network_mode: host
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/fail2Ban/data:/data
- /path/to/my/logs/to/monitor:/var/log
#- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik
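Review bot: The placeholder `/path/to/my/logs/to/monitor:/var/log` is created as an empty host directory by Docker if nobody edits it, so fail2ban starts cleanly but watches nothing; a marker such as `# CHANGEME: host log directory to monitor (or use the traefik mount below)` on that line makes the required edit obvious. The data volume path uses `fail2Ban` with a capital B while every other stack in this commit uses the lowercase service name for its directory; `fail2ban/data` keeps the convention. `network_mode: host` together with `NET_ADMIN`/`NET_RAW` is what lets the container rewrite the host firewall, which is worth stating in a comment next to `cap_add:` so readers understand why the usual network isolation is absent.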


@ -0,0 +1,8 @@
# References
- https://github.com/hurlenko/filebrowser-docker
- https://github.com/filebrowser/filebrowser
# Notes
Default login is `admin:admin` as mentioned [here](https://filebrowser.org/installation#:~:text=You%20just%20need%20to%20go,Password%3A%20admin).


@ -0,0 +1,15 @@
version: "3"
services:
filebrowser:
image: hurlenko/filebrowser
container_name: filebrowser
user: 1000:1000 # adjust to your needs
ports:
- 8080:8080
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filebrowser/data:/data
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filebrowser/config:/config
environment:
- FB_BASEURL=/filebrowser
restart: unless-stopped
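Review bot: `FB_BASEURL=/filebrowser` serves the UI under `http://<host>:8080/filebrowser` rather than at the root, which is easy to miss next to the bare `8080:8080` mapping; a comment such as `# UI is served under /filebrowser, not at /` (or a line in the README) avoids a first-run surprise. `image: hurlenko/filebrowser` carries no tag and so resolves to `latest` implicitly; writing the tag out keeps the file consistent with the other stacks in this commit.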


@ -0,0 +1,3 @@
# References
- https://github.com/filerun/docker


@ -0,0 +1,32 @@
version: '2'
services:
db:
image: mariadb:10.1
container_name: filerun-db
environment:
- MYSQL_ROOT_PASSWORD=your_mysql_root_password
- MYSQL_USER=your_filerun_username
- MYSQL_PASSWORD=your_filerun_password
- MYSQL_DATABASE=your_filerun_database
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/db:/var/lib/mysql
filerun:
image: filerun/filerun
container_name: filerun
environment:
- FR_DB_HOST=db
- FR_DB_PORT=3306
- FR_DB_USER=your_filerun_username
- FR_DB_PASS=your_filerun_password
- FR_DB_NAME=your_filerun_database
depends_on:
- db
links:
- db:db
ports:
- 8080:80
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/html:/var/www/html
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/files:/user-files
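Review bot: Neither `db` nor `filerun` sets a `restart:` policy, so unlike every other stack in this commit both containers stay down after a host reboot or a crash; `restart: unless-stopped` on both services would match the rest of the examples. `links: - db:db` is a legacy construct that is redundant with `depends_on` on the default compose network, where `db` already resolves by service name. `mariadb:10.1` is a very old release line that, as far as I know, is no longer maintained; unless FileRun requires it, the tag should be revisited.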

316
examples/firefly/.env Normal file

@ -0,0 +1,316 @@
# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
# Never set it to "testing".
APP_ENV=local
# Set to true if you want to see debug information in error screens.
APP_DEBUG=false
# This should be your email address.
# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
# The variable is used in some errors shown to users who aren't admin.
SITE_OWNER=mail@example.com
# The encryption key for your sessions. Keep this very secure.
# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
#
# Avoid the "#" character in your APP_KEY, it may break things.
#
APP_KEY=SomeRandomStringOf32CharsExactly
# Firefly III will launch using this language (for new users and unauthenticated visitors)
# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
#
# If text is still in English, remember that not everything may have been translated.
DEFAULT_LANGUAGE=en_US
# The locale defines how numbers are formatted.
# by default this value is the same as whatever the language is.
DEFAULT_LOCALE=equal
# Change this value to your preferred time zone.
# Example: Europe/Amsterdam
# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Europe/Berlin
# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
# Set it to ** and reverse proxies work just fine.
TRUSTED_PROXIES=*
# The log channel defines where your log entries go to.
# Several other options exist. You can use 'single' for one big fat error log (not recommended).
# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
# A cool option is 'papertrail' for cloud logging
# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
LOG_CHANNEL=stack
#
# Used when logging to papertrail:
#
PAPERTRAIL_HOST=
PAPERTRAIL_PORT=
# Log level. You can set this from least severe to most severe:
# debug, info, notice, warning, error, critical, alert, emergency
# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
# nothing will get logged, ever.
APP_LOG_LEVEL=notice
# Audit log level.
# Set this to "emergency" if you dont want to store audit logs, leave on info otherwise.
AUDIT_LOG_LEVEL=info
# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
# Use "pgsql" for PostgreSQL
# Use "mysql" for MySQL and MariaDB.
# Use "sqlite" for SQLite.
DB_CONNECTION=mysql
DB_HOST=db
DB_PORT=3306
DB_DATABASE=firefly
DB_USERNAME=firefly
DB_PASSWORD=MySecretDatabasePassword
# leave empty or omit when not using a socket connection
DB_SOCKET=
# MySQL supports SSL. You can configure it here.
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MYSQL_USE_SSL=false
MYSQL_SSL_VERIFY_SERVER_CERT=true
# You need to set at least of these options
MYSQL_SSL_CAPATH=/etc/ssl/certs/
MYSQL_SSL_CA=
MYSQL_SSL_CERT=
MYSQL_SSL_KEY=
MYSQL_SSL_CIPHER=
# PostgreSQL supports SSL. You can configure it here.
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
PGSQL_SSL_MODE=prefer
PGSQL_SSL_ROOT_CERT=null
PGSQL_SSL_CERT=null
PGSQL_SSL_KEY=null
PGSQL_SSL_CRL_FILE=null
# more PostgreSQL settings
PGSQL_SCHEMA=public
# If you're looking for performance improvements, you could install memcached or redis
CACHE_DRIVER=file
SESSION_DRIVER=file
# If you set either of the options above to 'redis', you might want to update these settings too
# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
# REDIS_PORT_FILE to set the value from a file instead of from an environment variable
# can be tcp, unix or http
REDIS_SCHEME=tcp
# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise.
REDIS_PATH=
# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
# Use only with Redis 6+ with proper ACL set. Leave empty otherwise.
REDIS_USERNAME=
REDIS_PASSWORD=
# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
REDIS_DB="0"
REDIS_CACHE_DB="1"
# Cookie settings. Should not be necessary to change these.
# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
# the value from a file instead of from an environment variable
# Setting samesite to "strict" may give you trouble logging in.
COOKIE_PATH="/"
COOKIE_DOMAIN=
COOKIE_SECURE=false
COOKIE_SAMESITE=lax
# If you want Firefly III to email you, update these settings
# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MAIL_MAILER=log
MAIL_HOST=null
MAIL_PORT=2525
MAIL_FROM=changeme@example.com
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
# Other mail drivers:
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MAILGUN_DOMAIN=
MAILGUN_SECRET=
# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net
# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
MAILGUN_ENDPOINT=api.mailgun.net
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MANDRILL_SECRET=
SPARKPOST_SECRET=
# Firefly III can send you the following messages.
SEND_ERROR_MESSAGE=true
# These messages contain (sensitive) transaction information:
SEND_REPORT_JOURNALS=true
# Set this value to true if you want to set the location
# of certain things, like transactions. Since this involves an external service, it's optional
# and disabled by default.
ENABLE_EXTERNAL_MAP=false
# Set this value to true if you want Firefly III to download currency exchange rates
# from the internet. These rates are hosted by the creator of Firefly III inside
# an Azure Storage Container.
# Not all currencies may be available. Rates may be wrong.
ENABLE_EXTERNAL_RATES=false
# The map will default to this location:
MAP_DEFAULT_LAT=51.983333
MAP_DEFAULT_LONG=5.916667
MAP_DEFAULT_ZOOM=6
#
# Firefly III authentication settings
#
#
# Firefly III supports a few authentication methods:
# - 'web' (default, uses built in DB)
# - 'remote_user_guard' for Authelia etc
# Read more about these settings in the documentation.
# https://docs.firefly-iii.org/advanced-installation/authentication
#
# LDAP is no longer supported :(
#
AUTHENTICATION_GUARD=web
#
# Remote user guard settings
#
AUTHENTICATION_GUARD_HEADER=REMOTE_USER
AUTHENTICATION_GUARD_EMAIL=
#
# Firefly III generates a basic keypair for your OAuth tokens.
# If you want, you can overrule the key with your own (secure) value.
# It's also possible to set PASSPORT_PUBLIC_KEY_FILE or PASSPORT_PRIVATE_KEY_FILE
# if you're using Docker secrets or similar solutions for secret management
#
PASSPORT_PRIVATE_KEY=
PASSPORT_PUBLIC_KEY=
#
# Extra authentication settings
#
CUSTOM_LOGOUT_URL=
# You can disable the X-Frame-Options header if it interferes with tools like
# Organizr. This is at your own risk. Applications running in frames run the risk
# of leaking information to their parent frame.
DISABLE_FRAME_HEADER=false
# You can disable the Content Security Policy header when you're using an ancient browser
# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
# This is at your own risk.
DISABLE_CSP_HEADER=false
# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
# Do not prepend the TRACKER_URL with http:// or https://
# The only tracker supported is Matomo.
# You can set the following variables from a file by appending them with _FILE:
TRACKER_SITE_ID=
TRACKER_URL=
#
# Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
#
ALLOW_WEBHOOKS=false
#
# The static cron job token can be useful when you use Docker and wish to manage cron jobs.
# 1. Set this token to any 32-character value (this is important!).
# 2. Use this token in the cron URL instead of a user's command line token.
#
# For more info: https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/
#
# You can set this variable from a file by appending it with _FILE
#
STATIC_CRON_TOKEN=
# You can fine tune the start-up of a Docker container by editing these environment variables.
# Use this at your own risk. Disabling certain checks and features may result in lots of inconsistent data.
# However if you know what you're doing you can significantly speed up container start times.
# Set each value to true to enable, or false to disable.
# Set this to true to build all locales supported by Firefly III.
# This may take quite some time (several minutes) and is generally not recommended.
# If you wish to change or alter the list of locales, start your Docker container with
# `docker run -v locale.gen:/etc/locale.gen -e DKR_BUILD_LOCALE=true`
# and make sure your preferred locales are in your own locale.gen.
DKR_BUILD_LOCALE=false
# Check if the SQLite database exists. Can be skipped if you're not using SQLite.
# Won't significantly speed up things.
DKR_CHECK_SQLITE=true
# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists
# and is up to date.
DKR_RUN_MIGRATION=true
# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date
# with the latest fixes (outside of migrations!)
DKR_RUN_UPGRADE=true
# Verify database integrity. Includes all data checks and verifications.
# Disabling this makes Firefly III assume your DB is intact.
DKR_RUN_VERIFY=true
# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state.
# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues.
DKR_RUN_REPORT=true
# Generate OAuth2 keys.
# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if)
# you had previously generated keys already and they're stored in your database for restoration.
DKR_RUN_PASSPORT_INSTALL=true
# Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing.
APP_NAME=FireflyIII
BROADCAST_DRIVER=log
QUEUE_DRIVER=sync
CACHE_PREFIX=firefly
PUSHER_KEY=
IPINFO_TOKEN=
PUSHER_SECRET=
PUSHER_ID=
DEMO_USERNAME=
DEMO_PASSWORD=
IS_HEROKU=false
FIREFLY_III_LAYOUT=v1
#
# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
# This configuration value WILL NOT HELP.
#
# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff.
#
# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
# So when configuring anything WEB related this variable doesn't do anything. Nothing
#
# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
#
APP_URL=http://localhost
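Review bot: `APP_KEY=SomeRandomStringOf32CharsExactly` is the well-known sample value from the upstream template, so every instance deployed from this file unchanged shares the same session/encryption key; a `# CHANGEME` marker on that line and on `DB_PASSWORD=MySecretDatabasePassword` (which the compose file's `MYSQL_PASSWORD` duplicates) would flag the two values that must not survive into a deployment. The comment above `TRUSTED_PROXIES` says to set it to `**`, but the value written is `*`; either the value or the comment should be corrected so they agree — I believe `**` is what the upstream template ships, but confirm. `COOKIE_SECURE=false` is appropriate for plain HTTP only and should be flipped once the stack sits behind a TLS reverse proxy.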


@ -0,0 +1,4 @@
# References
- https://github.com/firefly-iii/docker
- https://docs.firefly-iii.org/firefly-iii/installation/docker/


@ -0,0 +1,26 @@
version: '3.3'
services:
app:
image: fireflyiii/core:latest
container_name: firefly
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefly/upload:/var/www/html/storage/upload
env_file: .env
ports:
- 80:8080
depends_on:
- db
db:
image: mariadb
container_name: firefly-db
restart: unless-stopped
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
- MYSQL_USER=firefly
- MYSQL_PASSWORD=MySecretDatabasePassword # if changed --> also update in .env file
- MYSQL_DATABASE=firefly
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefly/mysql:/var/lib/mysql
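Review bot: The `# if changed --> also update in .env file` comment on `MYSQL_PASSWORD` documents a duplication that Compose can remove: because `.env` sits next to the compose file it is read for variable interpolation, so `- MYSQL_PASSWORD=${DB_PASSWORD:?DB_PASSWORD must be set in .env}` keeps a single source of truth and fails loudly when it is missing (the same works for `MYSQL_USER=${DB_USERNAME}` and `MYSQL_DATABASE=${DB_DATABASE}`). `depends_on: - db` only orders container start; without a healthcheck on `db` and `condition: service_healthy`, as the ghost stack in this commit does, the app can hit the database before it accepts connections. `image: mariadb` has no tag, and `80:8080` claims the host's port 80, which collides with any reverse proxy on the same host — `127.0.0.1:8080:8080` is a safer default.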


@ -0,0 +1,3 @@
# References
- https://hub.docker.com/r/linuxserver/firefox


@ -0,0 +1,31 @@
version: "3.3"
services:
firefox:
image: lscr.io/linuxserver/firefox:latest
container_name: firefox
hostname: firefox
restart: unless-stopped
security_opt:
- seccomp:unconfined # optional
environment:
- PUID=1000 # optional
- PGID=1000 # optional
- TZ=Europe/Berlin
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefox/config:/config
ports:
- 3210:3000
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.http.routers.firefox.rule=Host(`firefox.example.com`)
# - traefik.http.services.firefox.loadbalancer.server.port=8080
# - traefik.docker.network=proxy
# # Part for optional traefik middlewares
# - traefik.http.routers.firefox.middlewares=local-ipwhitelist@file,basic-auth@file
#networks:
# proxy:
# external: true
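Review bot: The commented Traefik label `traefik.http.services.firefox.loadbalancer.server.port=8080` does not match the container port actually published a few lines above (`3210:3000`), so uncommenting the block as-is routes to a closed port; it should read `...loadbalancer.server.port=3000`. `security_opt: - seccomp:unconfined # optional` drops Docker's default syscall filter for the whole container; since the comment already calls it optional, leaving it commented out by default with a note on when it is needed, e.g. `# enable only if the browser fails to start under the default seccomp profile`, keeps the hardened default.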

33
examples/firezone/.env Normal file

@ -0,0 +1,33 @@
# Change these settings
EXTERNAL_URL=https://firezone.example.com
DEFAULT_ADMIN_EMAIL=admin@example.com
DEFAULT_ADMIN_PASSWORD=ins4vOVm9RwuiY4j
GUARDIAN_SECRET_KEY=qAWbvgyHUQVgRtF+JaJseNIt779CLADuYZdWfXPy4R6zQ51wom0SJtpvEVIGYKH0
SECRET_KEY_BASE=lThlZfb7E79kgKdg7q9e2jf/XF7VXSg/sFFi6xD7CUhVOybLhkYPyeYbFmIJ3Nv0
LIVE_VIEW_SIGNING_SALT=+lKcWppaW5GPqfYupk8qjuAfWuuHDxRA
COOKIE_SIGNING_SALT=i+nxqzyT
COOKIE_ENCRYPTION_SALT=CyMASGO+
DATABASE_ENCRYPTION_KEY=ftVUOP6G7twvORBaxVR1Z1d8gaKeJMeOIOtR+Zc1sIs=
DATABASE_PASSWORD=cN8IrZTSBMgcu++k
# The ability to change the IPv4 and IPv6 address pool will be removed
# in a future Firezone release in order to reduce the possible combinations
# of network configurations we need to handle.
#
# Due to the above, we recommend not changing these unless absolutely
# necessary.
WIREGUARD_IPV4_NETWORK=100.64.0.0/10
WIREGUARD_IPV4_ADDRESS=100.64.0.1
WIREGUARD_IPV6_NETWORK=fd00::/106
WIREGUARD_IPV6_ADDRESS=fd00::1
#PHOENIX_EXTERNAL_TRUSTED_PROXIES=["192.168.178.0/24"]
#PHOENIX_PRIVATE_CLIENTS=["192.168.0.0/24"]
# further env variables
# see https://github.com/firezone/firezone/blob/legacy/website/src/app/docs/reference/env-vars/readme.mdx
TELEMETRY_ENABLED=false
CONNECTIVITY_CHECKS_ENABLED=false
LOCAL_AUTH_ENABLED=true
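Review bot: The file ships concrete values for `DEFAULT_ADMIN_PASSWORD`, `SECRET_KEY_BASE`, `DATABASE_ENCRYPTION_KEY`, `DATABASE_PASSWORD` and the signing salts, while the README for this stack tells users to generate them with `bin/gen-env`; committed here they become defaults that everyone cloning the repository shares. A header comment such as `# SAMPLE VALUES ONLY - regenerate with: docker run --rm ghcr.io/l4rm4nd/firezone:latest bin/gen-env > .env` would make that explicit, and `DATABASE_PASSWORD` in particular must be present because the compose file requires it through `${DATABASE_PASSWORD:?err}`. The `# Change these settings` comment at the top reads as if it covered only the first three lines; it applies to every secret below it.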


@ -0,0 +1,44 @@
# Reference
- https://github.com/l4rm4nd/firezone (fork, maintained)
- https://github.com/firezone/firezone/tree/legacy (EoL)
> [!WARNING]
> Firezone v0.7 has reached End-of-Life on 31st January 2024.
>
> It undergoes a complete redesign (zero-knowledge, cloud) for v1.0 and won't provide any updates for the v0.7 (legacy) branch anymore. More information can be found [here](https://www.firezone.dev/blog/firezone-1-0).
> [!TIP]
> A new fork (l4rm4nd/fireabend) tries to fix outdated dependencies and keep the software alive.
>
> The fork starts with a new v7.0.0 release version and tag.
# Notes
````
# download compose file
wget https://raw.githubusercontent.com/Haxxnet/Compose-Examples/main/examples/firezone/docker-compose.yml
# generate an .env file
docker run --rm ghcr.io/l4rm4nd/firezone:latest bin/gen-env > .env
# adjust .env file to your needs
# define EXTERNAL_URL + DEFAULT_ADMIN_EMAIL + DEFAULT_ADMIN_PASSWORD
# disable telemetry via .env
echo -e "\nTELEMETRY_ENABLED=false" >> .env
# enable local auth
echo -e "\nLOCAL_AUTH_ENABLED=true" >> .env
# migrate database and create admin user
docker compose run --rm firezone bin/migrate
docker compose run --rm firezone bin/create-or-reset-admin
# spawn the container stack
docker compose up -d
````
Afterwards, the admin mgmt UI is accessible on http://127.0.0.1:13000.
It is recommended to combine Firezone with a TLS reverse proxy such as Traefik as well as with an Identity Provider (IdP) such as Keycloak or Authentik for Single-Sign-On (SSO). Once SSO is enabled, you should disable the possibility for local authentication via the .env file.


@ -0,0 +1,72 @@
x-deploy: &default-deploy
restart_policy:
condition: unless-stopped
delay: 5s
window: 120s
update_config:
order: start-first
version: "3.7"
services:
firezone:
image: l4rm4nd/firezone
container_name: firezone-web
ports:
- 51820:51820/udp
- 127.0.0.1:13000:13000/tcp
expose:
- 13000
env_file:
# This should contain a list of env vars for configuring Firezone.
# See https://docs.firezone.dev/reference/env-vars for more info.
- ${FZ_INSTALL_DIR:-.}/.env
volumes:
# IMPORTANT: Persists WireGuard private key and other data. If
# /var/firezone/private_key exists when Firezone starts, it is
# used as the WireGuard private. Otherwise, one is generated.
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone/data:/var/firezone
cap_add:
# Needed for WireGuard and firewall support.
- NET_ADMIN
- SYS_MODULE
sysctls:
# Needed for masquerading and NAT.
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv4.ip_forward=1
- net.ipv6.conf.all.forwarding=1
depends_on:
- postgres
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.firezone_https.rule=Host(`firezone.example.com`)
# - traefik.http.routers.firezone_https.tls=true
# - traefik.http.services.firezone.loadbalancer.server.port=13000
# #- traefik.http.routers.firezone.middlewares=local-ipwhitelist@file
deploy:
<<: *default-deploy
postgres:
image: postgres:15-alpine
container_name: firezone-db
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone/db:/var/lib/postgresql/data
environment:
POSTGRES_DB: ${DATABASE_NAME:-firezone}
POSTGRES_USER: ${DATABASE_USER:-postgres}
POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
deploy:
<<: *default-deploy
update_config:
order: stop-first
#networks:
# - proxy
#networks:
# proxy:
# external: true
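Review bot: `restart_policy: condition: unless-stopped` in the `x-deploy` anchor is not a documented value for that key — `deploy.restart_policy.condition` takes `none`, `on-failure` or `any` — and `deploy:` is primarily swarm-mode configuration, so whether a plain `docker compose up` honours it is not something I would rely on. Every other stack in this commit uses the service-level `restart: unless-stopped`; adding that to both `firezone` and `postgres` gives the intended behaviour regardless of how `deploy:` is treated. `cap_add: - SYS_MODULE` permits loading kernel modules from the container, a wide grant; the existing comment could say it is only needed when the host has no WireGuard module loaded so users on current kernels can drop it (I'm inferring that from the comment's wording, so confirm against the image docs).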

3
examples/flame/README.md Normal file

@ -0,0 +1,3 @@
# References
- https://github.com/pawelmalak/flame


@ -0,0 +1,14 @@
version: '3.6'
services:
flame:
image: pawelmalak/flame
container_name: flame
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/flame:/app/data
#- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
ports:
- 5005:5005
environment:
- PASSWORD=MyStrongLoginPassword
restart: unless-stopped
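Review bot: The commented Docker integration mount `#- /var/run/docker.sock:/var/run/docker.sock` grants read-write socket access, while the telegraf service in this commit mounts the same socket with `:ro`; offering `:ro` here as well is the safer default, and a read-only socket should suffice for listing containers (verify against the Flame docs). `PASSWORD=MyStrongLoginPassword` is the example's login secret and would benefit from a `# CHANGEME` marker or `PASSWORD=${FLAME_PASSWORD:?set FLAME_PASSWORD}` so it cannot be deployed unchanged.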


@ -0,0 +1,3 @@
# References
- https://hub.docker.com/r/flaresolverr/flaresolverr


@ -0,0 +1,14 @@
version: '3.3'
services:
flaresolverr:
image: ghcr.io/flaresolverr/flaresolverr:latest
container_name: flaresolverr
ports:
- 8191:8191
environment:
- LOG_LEVEL=${LOG_LEVEL:-info}
- LOG_HTML=${LOG_HTML:-false}
- CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
- TZ=Europe/Berlin
restart: unless-stopped
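Review bot: `8191:8191` publishes the FlareSolverr API on every host interface, and as far as I know the service has no authentication of its own; its usual consumers live in the same compose project and reach it over the internal network, so `127.0.0.1:8191:8191` or an `expose:` entry plus a shared network is the better default, with the all-interfaces form left as a commented alternative. None of the three `${...}` variables is documented; a comment noting that `LOG_LEVEL`, `LOG_HTML` and `CAPTCHA_SOLVER` are taken from the host environment (or a `.env` next to the file) would help.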

9
examples/forte/README.md Normal file

@ -0,0 +1,9 @@
# References
- https://github.com/kaangiray26/forte
# Notes
After deploying, the forte admin dashboard will be available on TCP/3000. You can log into the web dashboard using `forte` as username and `alternative` as password. Please change those default credentials. Use a reverse proxy like Traefik if you plan on exposing the forte instance, as HTTPS is required to stream flawlessly.
After creating a user account via the forte web dashboard, you can browse https://forte.buzl.uk/ and use your own server to stream music from. Specify your created user account and the automatically created password token.


@ -0,0 +1,59 @@
version: '3'
services:
app:
image: kaangiray26/forte:4.3
container_name: forte
restart: on-failure
ports:
- 3000:3000
depends_on:
postgres:
condition: service_healthy
environment:
port: 3000 # Set Port
version: "4.3" # Set Version
verbose: false # Verbose Logging
custom_about: false # For your own about page
hostname: localhost # Set Hostname
NODE_ENV: production # Set Node Environment
POSTGRES_HOST: postgres # Postgres Host/IP
POSTGRES_USER: forte # Set Postgres Username
POSTGRES_PASSWORD: forte # Set Postgres Password
POSTGRES_PORT: 5432 # Postgres Database Port
POSTGRES_DB: forte # Set Postgres Database Name
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/forte/library:/library # your music library to import from
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.http.routers.forte.rule=Host(`forte.example.com`)
# - traefik.http.services.forte.loadbalancer.server.port=3000
# - traefik.docker.network=proxy
# - traefik.http.middlewares.cors.headers.customResponseHeaders.Access-Control-Allow-Origin=https://forte.buzl.uk
# - traefik.http.middlewares.cors.headers.customFrameOptionsValue=forte.buzl.uk
# - traefik.http.middlewares.cors.headers.customResponseHeaders.Cross-Origin-Resource-Policy=cross-origin
# - traefik.http.routers.forte.middlewares=cors,local-ipwhitelist@file
postgres:
image: kaangiray26/postgres:2.0
container_name: forte-db
restart: always
environment:
POSTGRES_DB: forte # Set Postgres Database Name
POSTGRES_USER: forte # Set Postgres Username
POSTGRES_PASSWORD: forte # Set Postgres Password
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/forte/db:/var/lib/postgresql/data
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U forte" ]
interval: 10s
timeout: 5s
retries: 5
#networks:
# - proxy
#networks:
# proxy:
# external: true
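Review bot: In the mapping-style `environment:` of `app`, `verbose: false` and `custom_about: false` are YAML booleans rather than strings (and `port: 3000` an integer); Compose stringifies them, but the Compose spec recommends quoting such values (`verbose: "false"`) so the parser cannot retype them, which also keeps the block uniform with the already-quoted `version: "4.3"`. `POSTGRES_PASSWORD: forte` appears once per service with the username as password; `POSTGRES_PASSWORD: ${FORTE_DB_PASSWORD:-forte}` in both places keeps them in step and lets a deployer override from the environment. `hostname: localhost` inside the environment is easy to mistake for the container-level `hostname:` key — a comment saying what Forte uses it for (I can't tell from here) would remove the ambiguity.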

12
examples/ghost/.env Normal file

@ -0,0 +1,12 @@
DB_CLIENT=mysql
DB_HOST=database
DB_USER=ghost
DB_ROOT_PASS=password1
DB_USER_PASS=password2
DB_NAME=ghost
SMTP_HOST=smtp.google.com
SMTP_PORT=587
SMTP_USER=blog@example.com
SMTP_PASS=my-secure-smtp-password
SMTP_MAIL_FROM="Ghost <blog@example.com"
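Review bot: `SMTP_MAIL_FROM="Ghost <blog@example.com"` is missing the closing angle bracket, so the From header is malformed once the mail settings are enabled; it should be `SMTP_MAIL_FROM="Ghost <blog@example.com>"`. `DB_ROOT_PASS=password1` and `DB_USER_PASS=password2` are obvious placeholders without a marker; because both compose files fall back to other fixed defaults (`DatabasePassword1234`, `DatabaseRootPassword54321`) when this file is absent, a `# CHANGEME` on these lines avoids a deployment running with either set of known values.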

3
examples/ghost/README.md Normal file

@ -0,0 +1,3 @@
# References
- https://github.com/TryGhost/Ghost


@ -0,0 +1,41 @@
version: '3.3'
services:
blog:
image: ghost:5
container_name: ghost
restart: always
ports:
- 8080:2368
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ghost/content:/var/lib/ghost/content
environment:
# see https://ghost.org/docs/config/#configuration-options
database__client: ${DB_CLIENT:-mysql}
database__connection__host: ${DB_HOST:-database}
database__connection__user: ${DB_USER:-ghost}
database__connection__password: ${DB_USER_PASS:-DatabasePassword1234}
database__connection__database: ${DB_NAME:-ghost}
#url: https://blog.example.com # change this for production
NODE_ENV: production
#mail__transport: SMTP
#mail__options__host: ${SMTP_HOST:-smtp.google.com}
#mail__options__port: ${SMTP_PORT:-587}
#mail__options__auth__user: ${SMTP_USER:-blog@example.com}
#mail__options__auth__pass: ${SMTP_PASS:-SMTPPassword}
#mail__from: ${SMTP_MAIL_FROM:-Ghost}
database:
image: linuxserver/mariadb
container_name: ghost-db
environment:
- PUID=1000
- PGID=1000
- MYSQL_ROOT_PASSWORD=${DB_ROOT_PASS:-DatabasePassword1234}
- TZ=Europe/Berlin
- MYSQL_DATABASE=${DB_NAME:-ghost}
- MYSQL_USER=${DB_USER:-ghost}
- MYSQL_PASSWORD=${DB_USER_PASS:-DatabasePassword1234}
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ghost/mariadb/config:/config
restart: unless-stopped
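Review bot: `blog` has no `depends_on: database`, so Ghost can start before MariaDB is reachable and will crash-loop on its first connection attempts; the second ghost compose file in this commit shows the intended form (`depends_on` with `condition: service_healthy` plus a healthcheck on the database). `url` is commented out here although the sibling file sets it — Ghost builds absolute links from it, so a default of `url: http://127.0.0.1:8080 # adjust to your domain` matching the `8080:2368` mapping would be more usable. `restart: always` on `blog` versus `unless-stopped` on `database` also diverges for no apparent reason.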


@ -0,0 +1,70 @@
version: '3.3'
services:
blog:
image: ghost:5-alpine
container_name: ghost
restart: always
depends_on:
database:
condition: service_healthy
healthcheck:
test: "/usr/bin/nc localhost 2368 || exit 1"
interval: 30s
timeout: 10s
retries: 5
expose:
- 2368
ports:
- 2368:2368
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ghost/content:/var/lib/ghost/content
environment:
# see https://ghost.org/docs/config/#configuration-options
database__client: ${DB_CLIENT:-mysql}
database__connection__host: ${DB_HOST:-database}
database__connection__user: ${DB_USER:-ghost}
database__connection__password: ${DB_USER_PASS:-DatabasePassword1234}
database__connection__database: ${DB_NAME:-ghost}
url: http://127.0.0.1:2368 # adjust to your domain and correct protocol handler + port
#NODE_ENV: developmnent # default is production already
#mail__transport: SMTP
#mail__options__host: ${SMTP_HOST:-smtp.google.com}
#mail__options__port: ${SMTP_PORT:-587}
#mail__options__auth__user: ${SMTP_USER:-ghost@example.com}
#mail__options__auth__pass: ${SMTP_PASS:-SMTPPassword}
#mail__from: ${SMTP_MAIL_FROM:-Ghost}
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.http.routers.ghost.rule=Host(`blog.example.com`)
# - traefik.http.services.ghost.loadbalancer.server.port=2368
# - traefik.docker.network=proxy
# # Part for local lan services only
# #- traefik.http.routers.ghost.middlewares=external-secure@file
database:
image: mysql:8
container_name: ghost_db
restart: always
healthcheck:
test: ["CMD", 'mysqladmin', 'ping', '-h', 'localhost', '-u', 'root', '-p$$DB_ROOT_PASS' ]
timeout: 20s
retries: 10
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ghost/mysql:/var/lib/mysql
expose:
- 3306
environment:
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS:-DatabaseRootPassword54321}
MYSQL_DATABASE: ${DB_NAME:-ghost}
MYSQL_USER: ${DB_USER:-ghost}
MYSQL_PASSWORD: ${DB_USER_PASS:-DatabasePassword1234}
#networks:
# - proxy
#networks:
# proxy:
# external: true
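Review bot: The database healthcheck passes `'-p$$DB_ROOT_PASS'` in exec (`CMD`) form, so no shell expands it and the literal string `-p$DB_ROOT_PASS` is sent as the password; `DB_ROOT_PASS` is also not a variable inside the container, where the root password lives in `MYSQL_ROOT_PASSWORD`. The check only appears to work because `mysqladmin ping` reports the server as alive even when it answers with access denied, so a wrong credential is never noticed. `test: ["CMD-SHELL", "mysqladmin ping -h localhost -u root --password=\"$$MYSQL_ROOT_PASSWORD\""]` uses the variable that exists, and the mixed `"`/`'` quoting in the current list can be unified at the same time. `container_name: ghost_db` also breaks the `<service>-db` naming every other stack uses (`ghost-db` in the sibling file).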

3
examples/gitea/README.md Normal file

@ -0,0 +1,3 @@
# References
- https://github.com/go-gitea/gitea


@ -0,0 +1,29 @@
version: "3"
services:
gitea:
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
hostname: gitea
ports:
- 3000:3000 #webgui
- 2222:22 #ssh
image: gitea/gitea:latest
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitea/data:/data
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.http.routers.gitea.rule=Host(`git.example.com`)
# - traefik.http.services.gitea.loadbalancer.server.port=3000
# - traefik.docker.network=proxy
# # Part for local lan services only
# - traefik.http.routers.gitea.middlewares=local-ipwhitelist@file
#networks:
# proxy:
# external: true
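Review bot: `- 2222:22 #ssh` is an unquoted `xx:yy` scalar, which YAML 1.1-style parsers read as a base-60 integer instead of a port mapping; the Compose documentation specifically warns about container ports below 60 written this way. Quote both mappings, `- "3000:3000" # webgui` and `- "2222:22" # ssh`, which also adds the conventional space after `#`. The same `2222:22 # SSH` appears in the gitlab-ce compose file in this commit and should be quoted there as well.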


@ -0,0 +1,3 @@
# References
- https://docs.gitlab.com/ee/install/docker.html


@ -0,0 +1,27 @@
version: '3.7'
services:
gitlab-ce:
image: gitlab/gitlab-ce:latest
restart: unless-stopped
container_name: gitlab-ce
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://gitlab.example.com' # please adjust
ports:
- 8033:80 # HTTP
- 8434:443 # HTTPS
- 2222:22 # SSH
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitlab/config:/etc/gitlab
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitlab/logs:/var/log/gitlab
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitlab/data:/var/opt/gitlab
gitlab-runner:
image: gitlab/gitlab-runner:alpine
container_name: gitlab-runner
restart: unless-stopped
depends_on:
- gitlab-ce
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gitlab/runner:/etc/gitlab-runner
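Review bot: `external_url 'http://gitlab.example.com'` makes Omnibus listen on port 80 and build links without a port, but the service is published as `8033:80`, so clone URLs and redirects generated by GitLab will point at `gitlab.example.com` without `:8033`; if the non-standard host port is intended, the port belongs in `external_url` together with `nginx['listen_port'] = 80` (to my recollection the documented combination), otherwise `80:80`/`443:443` or the reverse-proxy setup used elsewhere in the commit is cleaner. Likewise `gitlab_rails['gitlab_shell_ssh_port'] = 2222` is needed for SSH clone URLs to show the published `2222:22` port. The runner's read-write `docker.sock` mount is genuinely required for the Docker executor, which a short comment should say so it is not mistaken for an oversight.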


@ -0,0 +1,3 @@
# References
- https://github.com/Forceu/Gokapi


@ -0,0 +1,12 @@
version: "3.7"
services:
gokapi:
image: f0rc3/gokapi:latest
container_name: gokapi
restart: unless-stopped
ports:
- 53842:53842
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gokapi/data:/app/data
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gokapi/config:/app/config



@ -0,0 +1,18 @@
# References
- https://blog.lrvt.de/monitoring-dashboard-with-grafana-telegraf-influxdb-and-docker/
- https://blog.lrvt.de/log-visualization-with-grafana-loki-promtail/
# Notes
Spawning up this docker stack will provide you with:
- A containerized Grafana web instance runnning on the default port TCP/3000
- A containerized Telegraf instance that fetches data points from your docker host server
- A containerized InfluxDB instance for storing Telegraf data, which can be defined in Grafana as datasource (just specify `http://influxdb:8086`). Default database is `telegraf`. Default username is `telegrafuser`. Default password is `MyStrongTelegrafPassword`. Defaults can be changed in `/volume-data/influxdb/init/create-database.iql`.
- A containerized Promtail instance that can fetch various log files (bind mounted into the promtail container from your docker host server) and send them into the Loki container (e.g. /var/log/auth.log or your Traefik reverse proxy logs)
- A containerized Loki instance for storing Promtail log data, which can be defined in Grafana as datasource (just specify `http://loki:3100`). No authentication enabled per default.
Finally, after configuring InfluxDB and Loki as datasources on Grafana, you can just import the provided `Grafana_Dashboard_Template.json` dashboard template YAML file in Grafana by browsing http://127.0.0.1:3000/dashboard/import. Your dashboard will look like the following:
<img src="https://blog.lrvt.de/content/images/2022/11/image-4-1.png">


@ -0,0 +1,104 @@
version: "2"
services:
loki:
image: grafana/loki:2.9.10
hostname: loki
container_name: loki
volumes:
- ./volume-data/loki:/etc/loki # place loki-config.yml
ports:
- "127.0.0.1:3100:3100"
restart: unless-stopped
user: 1000:1000
command: -config.file=/etc/loki/loki-config.yml
#networks:
# - monitoring_default
promtail:
image: grafana/promtail:latest
container_name: promtail
depends_on:
- loki
hostname: promtail
volumes:
- /var/log:/var/log:ro # let promtail access the docker host's log files
- ./volume-data/promtail:/etc/promtail # place promtail-config.yml
#- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik # let promtail access your traefik reverse logs
restart: unless-stopped
command: -config.file=/etc/promtail/promtail-config.yml
#networks:
# - monitoring_default
influxdb:
image: influxdb:1.8
container_name: influxdb
hostname: influxdb
restart: unless-stopped
volumes:
- ./volume-data/influxdb/data:/var/lib/influxdb
- ./volume-data/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf:ro # place infuxdb.conf
- ./volume-data/influxdb/init:/docker-entrypoint-initdb.d # place create-database.iql for database init
environment:
- INFLUXDB_ADMIN_USER=admin
- INFLUXDB_ADMIN_PASSWORD=SuperDuperAdminPW
#networks:
# - monitoring_default
telegraf:
image: telegraf:latest
restart: unless-stopped
user: telegraf:$(stat -c '%g' /var/run/docker.sock) # see: https://www.influxdata.com/blog/docker-run-telegraf-as-non-root/
container_name: telegraf
hostname: telegraf
dns:
- 1.1.1.1
- 8.8.8.8
depends_on:
- influxdb
volumes:
- ./volume-data/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro # place telegraf.conf
- /:/hostfs:ro
- /etc:/hostfs/etc:ro
- /proc:/hostfs/proc:ro
- /sys:/hostfs/sys:ro
- /var/run/utmp:/var/run/utmp:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- HOST_ETC=/hostfs/etc
- HOST_PROC=/hostfs/proc
- HOST_SYS=/hostfs/sys
- HOST_MOUNT_PREFIX=/hostfs
#networks:
# - monitoring_default
grafana:
container_name: grafana
hostname: grafana
user: 1000:1000
depends_on:
- influxdb
- loki
- promtail
image: grafana/grafana:latest
restart: unless-stopped
#environment:
# - GF_SERVER_ROOT_URL=https://grafana.example.com # optional
volumes:
- ./volume-data/grafana:/var/lib/grafana
ports:
- 3000:3000
#networks:
# - monitoring_default
#labels:
# - traefik.enable=true
# - traefik.http.routers.grafana.rule=Host(`grafana.example.com`)
# - traefik.http.services.grafana.loadbalancer.server.port=3000
# - traefik.docker.network=proxy
# # Part for local lan services only
# - traefik.http.routers.grafana.middlewares=local-ipwhitelist@file
#networks:
# monitoring_default:
# external: true
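Review bot: The `user: telegraf:$(stat -c '%g' /var/run/docker.sock)` line on the telegraf service will not resolve the socket's group: `$(...)` is shell command substitution, and Compose interpolates only `$VAR`/`${VAR}` references (a bare `$` followed by anything else is rejected as an invalid interpolation, or at best passed through literally), so the container never gets the intended user; put the lookup in `.env` (`DOCKER_GID=<output of stat -c '%g' /var/run/docker.sock>`) and write `user: "telegraf:${DOCKER_GID}"`. Even once fixed, a uid in the docker socket's group can drive the Docker API through the `:ro`-mounted socket (the read-only flag does not prevent connecting to a Unix socket), and together with `/:/hostfs:ro` this container is effectively host-root-equivalent and should carry a comment saying so. `INFLUXDB_ADMIN_PASSWORD=SuperDuperAdminPW` is a credential committed to the repository; reference it as `${INFLUXDB_ADMIN_PASSWORD}` from `.env` instead. `grafana` publishes `- 3000:3000` on every interface while `loki` is correctly limited to `"127.0.0.1:3100:3100"`; bind Grafana the same way (`- "127.0.0.1:3000:3000"`) when Traefik fronts it, quote the port mappings, and pin `promtail`, `telegraf` and `grafana` to versions matching the pinned `loki:2.9.10` so the stack is reproducible.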


@ -0,0 +1,24 @@
# Bind address to use for the RPC service for backup and restore.
bind-address = "127.0.0.1:8088"
[meta]
dir = "/var/lib/influxdb/meta"
[data]
dir = "/var/lib/influxdb/data"
wal-dir = "/var/lib/influxdb/wal"
series-id-set-cache-size = 100
[http]
enabled = true
bind-address = ":8086"
auth-enabled = true
[logging]
[subscriber]
[[graphite]]
[[collectd]]
[[opentsdb]]
[[udp]]
[continuous_queries]
[tls]
[coordinator]
[retention]
[shard-precreation]
[monitor]
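Review bot: `[http]` turns on `auth-enabled = true` but leaves `[tls]` empty and `https-enabled` unset, so the admin and `telegrafuser` credentials and all query traffic cross the Docker network in clear text; that is acceptable for a single-host setup only as long as 8086 is never published, and a comment should say so, e.g. `# plaintext HTTP: keep 8086 unpublished, or set https-enabled/https-certificate here`. The backup RPC `bind-address = "127.0.0.1:8088"` binds to loopback inside the container's own network namespace, so `influxd backup`/`restore` only works via `docker exec` into this container; a one-line comment next to it, `# loopback inside the container: run backups via docker exec`, would save the operator a surprise.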


@ -0,0 +1,3 @@
CREATE DATABASE telegraf WITH DURATION 31d
CREATE USER telegrafuser WITH PASSWORD 'MyStrongTelegrafPassword'
GRANT ALL ON telegraf to telegrafuser
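Review bot: `GRANT ALL ON telegraf to telegrafuser` gives the collector account read and delete rights on the database although Telegraf only needs to write, and the same account is then reused as Grafana's datasource login; split it into a write-only collector and a read-only dashboard user, e.g. `GRANT WRITE ON telegraf TO telegrafuser`, `CREATE USER grafanareader WITH PASSWORD '<separate password>'`, `GRANT READ ON telegraf TO grafanareader`. The literal `'MyStrongTelegrafPassword'` is a credential checked into the repository and must be changed before first start. Since scripts in `docker-entrypoint-initdb.d` run only on the first initialization of an empty data directory, add a `-- runs once on first init; change passwords later with ALTER USER ... WITH PASSWORD` comment so nobody expects an edit here to rotate an existing password.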


@ -0,0 +1,48 @@
auth_enabled: false
server:
http_listen_port: 3100
grpc_listen_port: 9096
common:
path_prefix: /tmp/loki
storage:
filesystem:
chunks_directory: /tmp/loki/chunks
rules_directory: /tmp/loki/rules
replication_factor: 1
ring:
instance_addr: 127.0.0.1
kvstore:
store: inmemory
limits_config:
reject_old_samples: true
reject_old_samples_max_age: 168h
retention_period: 360h
max_query_series: 100000
max_query_parallelism: 2
split_queries_by_interval: 0
schema_config:
configs:
- from: 2020-10-24
store: boltdb-shipper
object_store: filesystem
schema: v11
index:
prefix: index_
period: 24h
query_range:
parallelise_shardable_queries: false
querier:
max_concurrent: 2048
frontend:
max_outstanding_per_tenant: 4096
compress_responses: true
ruler:
alertmanager_url: http://localhost:9093
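Review bot: `path_prefix`, `chunks_directory` and `rules_directory` all point under `/tmp/loki`, but the compose service only bind-mounts `./volume-data/loki` at `/etc/loki`, so every ingested log (including the `/var/log/auth.log` trail this stack exists to keep) lives in the container's writable layer and is lost on `docker compose down` or on recreation after an image change. `limits_config.retention_period: 360h` is also not enforced by Loki 2.x without a `compactor` block with `retention_enabled: true`, so whatever does persist grows unbounded. Move the data directories to a path backed by a volume, add the matching mount on the `loki` service in the compose file (writable by uid 1000, which the service runs as), and add the compactor as below, checking the 2.9 compactor reference for any further required keys; the ruler's `alertmanager_url: http://localhost:9093` points at nothing in this stack and should be commented out. With `auth_enabled: false` anyone who reaches 3100 or gRPC 9096 can push, query or delete logs, so keep the `127.0.0.1` port binding and do not expose Loki through Traefik without an auth middleware.
```yaml
common:
  path_prefix: /loki                 # must be on a mounted volume, not the container's /tmp
  storage:
    filesystem:
      chunks_directory: /loki/chunks
      rules_directory: /loki/rules
  # … unchanged: replication_factor, ring …

# … unchanged: limits_config, schema_config, query_range, querier, frontend …

compactor:
  working_directory: /loki/compactor
  retention_enabled: true            # required for limits_config.retention_period to take effect
```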
