version: "3.1" services: wireguard: image: lscr.io/linuxserver/wireguard:latest container_name: wireguard cap_add: - NET_ADMIN - SYS_MODULE #optional environment: - PUID=1400 - TZ=Etc/UTC - VIRTUAL_PORT=9091 volumes: - "{{docker.wireguard.root_volume}}:/config" - /lib/modules:/lib/modules #optional ports: - 51820:51820/udp - 9091:9091 sysctls: - net.ipv4.conf.all.src_valid_mark=1 restart: unless-stopped audiobookshelf: container_name: audiobookshelf image: ghcr.io/advplyr/audiobookshelf:latest ports: - 13378:80 volumes: - "{{docker.audiobookshelf.volumes_path}}/audiobooks:/audiobooks" - "{{docker.audiobookshelf.volumes_path}}/podcasts:/podcasts" - "{{docker.audiobookshelf.volumes_path}}/config:/config" - "{{docker.audiobookshelf.volumes_path}}/metadata:/metadata" environment: - TZ=Etc/UTC restart: unless-stopped labels: traefik.enable: true # redirect scheme traefik.http.middlewares.audiobookshelf-redirect.redirectscheme.scheme: https traefik.http.middlewares.audiobookshelf-redirect.redirectscheme.permanent: true # http traefik.http.routers.audiobookshelf-web.rule: Host(`audiobookshelf.zacke.xyz`) traefik.http.routers.audiobookshelf-web.entrypoints: web traefik.http.routers.audiobookshelf-web.middlewares: audiobookshelf-redirect # https traefik.http.routers.audiobookshelf-websecure.rule: Host(`audiobookshelf.zacke.xyz`) traefik.http.routers.audiobookshelf-websecure.entrypoints: websecure traefik.http.routers.audiobookshelf-websecure.tls.certresolver: myresolver traefik.http.routers.audiobookshelf-websecure.middlewares: audiobookshelf-redirect # services traefik.http.services.audiobookshelf-websecure.loadbalancer.server.port: 80 traefik.http.services.audiobookshelf-websecure.loadbalancer.server.scheme: http unifi-controller: image: lscr.io/linuxserver/unifi-controller:7.2.92 environment: - PUID=1400 - MEM_LIMIT=1024 - MEM_STARTUP=1024 volumes: - "{{docker.volumes_path}}/unifi_controller:/config" ports: - 8443:8443 - 3478:3478/udp - 10001:10001/udp - 8080:8080 - 1900:1900/udp - 8843:8843 - 8880:8880 - 6789:6789 - 5514:5514/udp restart: always labels: traefik.enable: true # redirect scheme traefik.http.middlewares.unifi-redirect.redirectscheme.scheme: https traefik.http.middlewares.unifi-redirect.redirectscheme.permanent: true # http traefik.http.routers.unifi-web.rule: Host(`unifi.zacke.xyz`) traefik.http.routers.unifi-web.entrypoints: web traefik.http.routers.unifi-web.middlewares: unifi-redirect # https traefik.http.routers.unifi-websecure.rule: Host(`unifi.zacke.xyz`) traefik.http.routers.unifi-websecure.entrypoints: websecure traefik.http.routers.unifi-websecure.tls.certresolver: myresolver traefik.http.routers.unifi-websecure.middlewares: unifi-redirect # services traefik.http.services.unifi-websecure.loadbalancer.server.port: 8443 traefik.http.services.unifi-websecure.loadbalancer.server.scheme: https jellyfin: image: lscr.io/linuxserver/jellyfin:latest container_name: jellyfin environment: - PUID=1400 - PGID=1202 - TZ=Etc/UTC - JELLYFIN_PublishedServerUrl=https://jellyfin.zacke.xyz volumes: - "{{docker.jellyfin.config_volume}}/jellyfin:/config" - "{{docker.jellyfin.tv_volume}}:/tvshows" - "{{docker.jellyfin.movies_volume}}:/movies" restart: unless-stopped ports: - 8096:8096 - 8920:8920 - 7359:7359/udp #- 1900:1900/udp labels: traefik.enable: true # redirect scheme traefik.http.middlewares.jellyfin-redirect.redirectscheme.scheme: https traefik.http.middlewares.jellyfin-redirect.redirectscheme.permanent: true # http traefik.http.routers.jellyfin-web.rule: Host(`jellyfin.zacke.xyz`) traefik.http.routers.jellyfin-web.entrypoints: web traefik.http.routers.jellyfin-web.middlewares: jellyfin-redirect # https traefik.http.routers.jellyfin-websecure.rule: Host(`jellyfin.zacke.xyz`) traefik.http.routers.jellyfin-websecure.entrypoints: websecure traefik.http.routers.jellyfin-websecure.tls.certresolver: myresolver traefik.http.routers.jellyfin-websecure.middlewares: jellyfin-redirect # services traefik.http.services.jellyfin-websecure.loadbalancer.server.port: 8096 plex: image: lscr.io/linuxserver/plex:latest container_name: plex environment: - PUID=1400 # docker - PGID=1202 # warez - TZ=Etc/UTC - VERSION=docker volumes: - "{{docker.plex.config_volume}}/plex:/config" - "{{docker.plex.tv_volume}}:/tv" - "{{docker.plex.movies_volume}}:/movies" restart: unless-stopped ports: - 32400:32400 - 32400:32400/udp - 1901:1900/udp - 8324:8324 - 32410:32410/udp - 32412:32412/udp - 32413:32413/udp - 32414:32414/udp - 32469:32469 # This makes the instance claiming a lot easier since you can access the host on the same subnet. #network_mode: host labels: traefik.enable: true # redirect scheme traefik.http.middlewares.plex-redirect.redirectscheme.scheme: https traefik.http.middlewares.plex-redirect.redirectscheme.permanent: true # http traefik.http.routers.plex-web.rule: Host(`plex.zacke.xyz`) traefik.http.routers.plex-web.entrypoints: web traefik.http.routers.plex-web.middlewares: plex-redirect # https traefik.http.routers.plex-websecure.rule: Host(`plex.zacke.xyz`) traefik.http.routers.plex-websecure.entrypoints: websecure traefik.http.routers.plex-websecure.tls.certresolver: myresolver traefik.http.routers.plex-websecure.middlewares: plex-redirect # services traefik.http.services.plex-websecure.loadbalancer.server.port: 32400 frigate: container_name: frigate privileged: true # this may not be necessary for all setups restart: unless-stopped image: ghcr.io/blakeblackshear/frigate:0.14.1 shm_size: "150mb" # update for your cameras based on calculation in docs devices: #- /dev/bus/usb:/dev/bus/usb # passes the USB Coral, needs to be modified for other versions # /dev/apex_0:/dev/apex_0 # passes a PCIe Coral, follow driver instructions here https://coral.ai/docs/m2/get-started/#2a-on-linux - /dev/dri/renderD128 # for intel hwaccel, needs to be updated for your hardware volumes: - /etc/localtime:/etc/localtime:ro - "{{docker.frigate.config_volume}}:/config" - "{{docker.frigate.media_volume}}:/media/frigate" - type: tmpfs # Optional: 2GB of memory, reduces SSD/SD Card wear target: /tmp/cache tmpfs: size: 2000000000 ports: - "5000:5000" - "8554:8554" # RTSP feeds - "8555:8555/tcp" # WebRTC over tcp - "8555:8555/udp" # WebRTC over udp environment: FRIGATE_RTSP_PASSWORD: "{{docker.frigate.rtsp_password}}" labels: traefik.enable: true # redirect scheme traefik.http.middlewares.frigate-redirect.redirectscheme.scheme: https traefik.http.middlewares.frigate-redirect.redirectscheme.permanent: true # http traefik.http.routers.frigate-web.rule: Host(`frigate.zacke.xyz`) traefik.http.routers.frigate-web.entrypoints: web traefik.http.routers.frigate-web.middlewares: frigate-redirect # https traefik.http.routers.frigate-websecure.rule: Host(`frigate.zacke.xyz`) traefik.http.routers.frigate-websecure.entrypoints: websecure traefik.http.routers.frigate-websecure.tls.certresolver: myresolver traefik.http.routers.frigate-websecure.middlewares: frigate-redirect # services traefik.http.services.frigate-websecure.loadbalancer.server.port: 5000 influxdb: image: influxdb:1.8-alpine container_name: influxdb restart: always environment: - INFLUXDB_DB=influx - INFLUXDB_ADMIN_USER=admin - "INFLUXDB_ADMIN_PASSWORD={{docker.influxdb.admin_password}}" ports: - "8086:8086" volumes: - "{{docker.influxdb.data_volume}}:/var/lib/influxdb" grafana: image: grafana/grafana container_name: grafana restart: always depends_on: - influxdb environment: - GF_SECURITY_ADMIN_USER=admin - "GF_SECURITY_ADMIN_PASSWORD={{docker.grafana.admin_password}}" - GF_INSTALL_PLUGINS= links: - influxdb ports: - "3000:3000" volumes: - "{{docker.grafana.data_volume}}:/var/lib/grafana" user: "1400" # docker labels: traefik.enable: true # redirect scheme traefik.http.middlewares.grafana-redirect.redirectscheme.scheme: https traefik.http.middlewares.grafana-redirect.redirectscheme.permanent: true # http traefik.http.routers.grafana-web.rule: Host(`grafana.zacke.xyz`) traefik.http.routers.grafana-web.entrypoints: web traefik.http.routers.grafana-web.middlewares: grafana-redirect # https traefik.http.routers.grafana-websecure.rule: Host(`grafana.zacke.xyz`) traefik.http.routers.grafana-websecure.entrypoints: websecure traefik.http.routers.grafana-websecure.tls.certresolver: myresolver traefik.http.routers.grafana-websecure.middlewares: grafana-redirect # services traefik.http.services.grafana-websecure.loadbalancer.server.port: 3000 photoprism: container_name: photoprism user: "1401:1201" # photoprism image: photoprism/photoprism:latest restart: unless-stopped stop_grace_period: 10s depends_on: - mariadb security_opt: - seccomp:unconfined - apparmor:unconfined ports: - "2342:2342" # HTTP port (host:container) environment: PHOTOPRISM_ADMIN_USER: "wholteza" # admin login username PHOTOPRISM_ADMIN_PASSWORD: "{{docker.photoprism.admin_password}}" # initial admin password (8-72 characters) PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password) PHOTOPRISM_SITE_URL: "http://bigboi.zacke.xyz:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)" PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available PHOTOPRISM_DEFAULT_TLS: "true" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video) PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip) PHOTOPRISM_LOG_LEVEL: "warning" # log level: trace, debug, info, warning, error, fatal, or panic PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality) PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow) PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow) PHOTOPRISM_DISABLE_VECTORS: "false" # disables vector graphics support PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance) PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100) PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow) PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow) # PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port) PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name PHOTOPRISM_DATABASE_PASSWORD: "{{docker.mariadb.database_password}}" # MariaDB or MySQL database user password PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App" PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description PHOTOPRISM_SITE_AUTHOR: "" # meta site author ## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/): # PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi) # PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840) # PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50) ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean): # PHOTOPRISM_INIT: "https gpu tensorflow" ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200): # PHOTOPRISM_UID: 1000 # PHOTOPRISM_GID: 1000 # PHOTOPRISM_UMASK: 0000 ## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200): # user: "1000:1000" ## Share hardware devices with FFmpeg and TensorFlow (optional): # devices: # - "/dev/dri:/dev/dri" # Intel QSV # - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA # - "/dev/nvidiactl:/dev/nvidiactl" # - "/dev/nvidia-modeset:/dev/nvidia-modeset" # - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl" # - "/dev/nvidia-uvm:/dev/nvidia-uvm" # - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools" # - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m) working_dir: "/photoprism" # do not change or remove ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory volumes: # "/host/folder:/photoprism/folder" # Example - "{{docker.photoprism.image_volumes.lilleback}}:/photoprism/originals" # Original media files (DO NOT REMOVE) - "{{docker.photoprism.image_volumes.ellen}}:/photoprism/originals/ellen" # Original media files (DO NOT REMOVE) # - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this # - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals - "{{docker.photoprism.data_volume}}:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE) labels: traefik.enable: true # redirect scheme traefik.http.middlewares.photoprism-redirect.redirectscheme.scheme: https traefik.http.middlewares.photoprism-redirect.redirectscheme.permanent: true # http traefik.http.routers.photoprism-web.rule: Host(`photoprism.zacke.xyz`) traefik.http.routers.photoprism-web.entrypoints: web traefik.http.routers.photoprism-web.middlewares: photoprism-redirect # https traefik.http.routers.photoprism-websecure.rule: Host(`photoprism.zacke.xyz`) traefik.http.routers.photoprism-websecure.entrypoints: websecure traefik.http.routers.photoprism-websecure.tls.certresolver: myresolver traefik.http.routers.photoprism-websecure.middlewares: photoprism-redirect # services traefik.http.services.photoprism-websecure.loadbalancer.server.port: 2342 mariadb: container_name: mariadb user: "1401" # photoprism image: mariadb:11 restart: unless-stopped stop_grace_period: 5s security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239 - seccomp:unconfined - apparmor:unconfined command: --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120 volumes: - "{{docker.mariadb.data_volume}}:/var/lib/mysql" environment: MARIADB_AUTO_UPGRADE: "1" MARIADB_INITDB_SKIP_TZINFO: "1" MARIADB_DATABASE: "photoprism" MARIADB_USER: "photoprism" MARIADB_PASSWORD: "{{docker.mariadb.database_password}}" MARIADB_ROOT_PASSWORD: "{{docker.mariadb.database_password}}" vaultwarden: image: vaultwarden/server:1.32.7 container_name: vaultwarden restart: unless-stopped environment: DOMAIN: "https://vaultwarden.zacke.xyz" INVITATIONS_ALLOWED: "true" SIGNUPS_ALLOWED: "false" SIGNUPS_VERIFY: "true" ORG_CREATION_USERS: zackarias@montell.se ADMIN_TOKEN: "{{docker.vaultwarden.admin_token}}" # Email SMTP_HOST: "{{docker.vaultwarden.smtp_host}}" SMTP_FROM: "{{docker.vaultwarden.smtp_user}}" SMTP_FROM_NAME: "Bitwarden Lillebäck" SMTP_PORT: "{{docker.vaultwarden.smtp_port}}" SMTP_SSL: "true" SMTP_USERNAME: "{{docker.vaultwarden.smtp_user}}" SMTP_PASSWORD: "{{docker.vaultwarden.smtp_pass}}" EXPERIMENTAL_CLIENT_FEATURE_FLAGS: "autofill-v2,ssh-key-vault-item,ssh-agent" volumes: - "{{docker.vaultwarden.data_volume}}:/data" ports: - 8081:80 labels: traefik.enable: true # redirect scheme traefik.http.middlewares.vaultwarden-redirect.redirectscheme.scheme: https traefik.http.middlewares.vaultwarden-redirect.redirectscheme.permanent: true # http traefik.http.routers.vaultwarden-web.rule: Host(`vaultwarden.zacke.xyz`) traefik.http.routers.vaultwarden-web.entrypoints: web traefik.http.routers.vaultwarden-web.middlewares: vaultwarden-redirect # https traefik.http.routers.vaultwarden-websecure.rule: Host(`vaultwarden.zacke.xyz`) traefik.http.routers.vaultwarden-websecure.entrypoints: websecure traefik.http.routers.vaultwarden-websecure.tls.certresolver: myresolver traefik.http.routers.vaultwarden-websecure.middlewares: vaultwarden-redirect # services traefik.http.services.vaultwarden-websecure.loadbalancer.server.port: 80 reverse-proxy: container_name: "reverse-proxy" image: traefik:v3.2 command: - --api.insecure=true - --providers.docker=true - --providers.docker.exposedbydefault=false - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --certificatesresolvers.myresolver.acme.dnschallenge=true - --certificatesresolvers.myresolver.acme.dnschallenge.provider=linodev4 #- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory - --certificatesresolvers.myresolver.acme.email=hosting@montell.com - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json - --serversTransport.insecureSkipVerify=true ports: # The Web UI (enabled by --api.insecure=true) - "8082:8080" - "80:80" - "443:443" volumes: - /var/run/docker.sock:/var/run/docker.sock - "{{docker.letsencrypt.data_volume}}:/letsencrypt" environment: LINODE_TOKEN: "{{docker.letsencrypt.linode_token}}" labels: traefik.enable: true # redirect scheme traefik.http.middlewares.traefik-redirect.redirectscheme.scheme: https traefik.http.middlewares.traefik-redirect.redirectscheme.permanent: true # http traefik.http.routers.traefik-web.rule: Host(`traefik.zacke.xyz`) traefik.http.routers.traefik-web.entrypoints: web traefik.http.routers.traefik-web.middlewares: traefik-redirect # https traefik.http.routers.traefik-websecure.rule: Host(`traefik.zacke.xyz`) traefik.http.routers.traefik-websecure.entrypoints: websecure traefik.http.routers.traefik-websecure.tls.certresolver: myresolver traefik.http.routers.traefik-websecure.middlewares: traefik-redirect # services traefik.http.services.traefik-websecure.loadbalancer.server.port: 8080 nextcloud: image: lscr.io/linuxserver/nextcloud:latest container_name: nextcloud environment: PUID: 1400 # docker volumes: - "{{docker.nextcloud.config_path}}:/config" - "{{docker.nextcloud.data_path}}:/data" ports: - 8084:443 restart: unless-stopped labels: traefik.enable: true # redirect scheme traefik.http.middlewares.nextcloud-redirect.redirectscheme.scheme: https traefik.http.middlewares.nextcloud-redirect.redirectscheme.permanent: true # http traefik.http.routers.nextcloud-web.rule: Host(`nextcloud.zacke.xyz`) traefik.http.routers.nextcloud-web.entrypoints: web traefik.http.routers.nextcloud-web.middlewares: nextcloud-redirect # https traefik.http.routers.nextcloud-websecure.rule: Host(`nextcloud.zacke.xyz`) traefik.http.routers.nextcloud-websecure.entrypoints: websecure traefik.http.routers.nextcloud-websecure.tls.certresolver: myresolver traefik.http.routers.nextcloud-websecure.middlewares: nextcloud-redirect # services traefik.http.services.nextcloud-websecure.loadbalancer.server.port: 443 traefik.http.services.nextcloud-websecure.loadbalancer.server.scheme: https mariadb-nextcloud: container_name: mariadb-nextcloud image: mariadb:11 restart: unless-stopped stop_grace_period: 5s security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239 - seccomp:unconfined - apparmor:unconfined command: --skip-name-resolve=1 --innodb-buffer-pool-size=128M --innodb_flush_log_at_trx_commit=2 --innodb_log_buffer_size=32M --innodb_max_dirty_pages_pct=90 --query_cache_type=1 --query_cache_limit=2M --query_cache_min_res_unit=2k --query_cache_size=64M --tmp_table_size=64M --max_heap_table_size=64M --long_query_time=1 environment: MARIADB_AUTO_UPGRADE: "1" MARIADB_INITDB_SKIP_TZINFO: "1" MARIADB_ROOT_PASSWORD: "{{docker.mariadb_nextcloud.database_password}}" MARIADB_USER: "nextcloud" MARIADB_PASSWORD: "{{docker.mariadb_nextcloud.database_password}}" MARIADB_DATABASE: "nextcloud" ports: - 3307:3306 volumes: - "{{docker.mariadb_nextcloud.data_volume}}:/var/lib/mysql" dashy: container_name: dashy image: lissy93/dashy:3.x restart: unless-stopped volumes: - "{{docker.dashy.data_volume}}:/app/user-data" ports: - 8085:8080 labels: traefik.enable: true # redirect scheme traefik.http.middlewares.dashy-redirect.redirectscheme.scheme: https traefik.http.middlewares.dashy-redirect.redirectscheme.permanent: true # http traefik.http.routers.dashy-web.rule: Host(`dashy.zacke.xyz`) traefik.http.routers.dashy-web.entrypoints: web traefik.http.routers.dashy-web.middlewares: dashy-redirect # https traefik.http.routers.dashy-websecure.rule: Host(`dashy.zacke.xyz`) traefik.http.routers.dashy-websecure.entrypoints: websecure traefik.http.routers.dashy-websecure.tls.certresolver: myresolver traefik.http.routers.dashy-websecure.middlewares: dashy-redirect # services traefik.http.services.dashy-websecure.loadbalancer.server.port: 8080 calibre-web: image: lscr.io/linuxserver/calibre-web:latest container_name: calibre-web environment: - PUID=1400 - PGID=1400 - TZ=Etc/UTC - DOCKER_MODS=linuxserver/mods:universal-calibre #optional - OAUTHLIB_RELAX_TOKEN_SCOPE=1 #optional volumes: - "{{docker.calibre.data_path}}:/config" - "{{docker.calibre.library_path}}:/books" restart: always labels: traefik.enable: true # redirect scheme traefik.http.middlewares.calibre-redirect.redirectscheme.scheme: https traefik.http.middlewares.calibre-redirect.redirectscheme.permanent: true # http traefik.http.routers.calibre-web.rule: Host(`calibre.zacke.xyz`) traefik.http.routers.calibre-web.entrypoints: web traefik.http.routers.calibre-web.middlewares: calibre-redirect # https traefik.http.routers.calibre-websecure.rule: Host(`calibre.zacke.xyz`) traefik.http.routers.calibre-websecure.entrypoints: websecure traefik.http.routers.calibre-websecure.tls.certresolver: myresolver traefik.http.routers.calibre-websecure.middlewares: calibre-redirect # services traefik.http.services.calibre-websecure.loadbalancer.server.port: 8083