-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathdocker-compose.yml
85 lines (83 loc) · 3.92 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
services:
# Make sure you have updated/checked the .env file with the correct variables.
# All the ${ xx } need to be defined there.
# Tailscale Sidecar Configuration
tailscale:
image: tailscale/tailscale:latest # Image to be used
container_name: tailscale-${SERVICE} # Name for local container management
hostname: ${SERVICE} # Name used within your Tailscale environment
environment:
- TS_AUTHKEY=${TS_AUTHKEY}
- TS_STATE_DIR=/var/lib/tailscale
- TS_SERVE_CONFIG=/config/serve.json # Tailsacale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
- TS_USERSPACE=false
- TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
- TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The <addr>:<port> for the healthz endpoint
#- TS_EXTRA_ARGS=--accept-dns=true # Uncomment when using MagicDNS
volumes:
- ${PWD}/config:/config # Config folder used to store Tailscale files - you may need to change the path
- ${PWD}/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
devices:
- /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
cap_add:
- net_admin # Tailscale requirement
- sys_module # Tailscale requirement
ports:
- 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
# If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
# dns:
# - ${DNS_SERVER}
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
interval: 1m # How often to perform the check
timeout: 10s # Time to wait for the check to succeed
retries: 3 # Number of retries before marking as unhealthy
start_period: 10s # Time to wait before starting health checks
restart: always
# ${SERVICE}
traefik_proxy:
image: ${IMAGE_URL} # Image to be used
network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
container_name: app-${SERVICE} # Name for local container management
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Amsterdam
depends_on:
tailscale:
condition: service_healthy
healthcheck:
test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running
interval: 1m # How often to perform the check
timeout: 10s # Time to wait for the check to succeed
retries: 3 # Number of retries before marking as unhealthy
start_period: 30s # Time to wait before starting health checks
restart: always
volumes:
- type: bind
source: ${PWD}/${SERVICE}-data/app/traefik.yml
target: /etc/traefik.yml
- ${PWD}/${SERVICE}-data/log/:/var/log/
- /var/run/docker.sock:/var/run/docker.sock #Required for the Service Connections
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.ssl.address=:443"
- --log.level=INFO
- --log.filepath=/var/log/traefik.log
- --accesslog=true
- --accesslog.filepath=/var/log/traefik.access.log
- --experimental.plugins.traefik-plugin-geoblock.modulename=github.com/nscuro/traefik-plugin-geoblock
- --experimental.plugins.traefik-plugin-geoblock.version=v0.14.0
labels:
- traefik.enable=true
- traefik.http.routers.mydashboard.rule=Host(`traefik.domain.local`)
- traefik.http.routers.mydashboard.service=api@internal
simpleweb:
image: yeasy/simple-web:latest
labels:
- traefik.enable=true # To
- traefik.http.routers.simpleweb.rule=Host(`simpleweb.domain.local`)
- traefik.http.routers.simpleweb.entrypoints=web