config[traefik]: Splitted from main stack

cristianmiranda · Aug 26, 2020 · 19cbff2 · 19cbff2
1 parent 0cce939
commit 19cbff2
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 36 deletions.
diff --git a/README.md b/README.md
@@ -40,6 +40,9 @@ docker-compose -f docker-compose.yml -f docker-compose.torrents-on-vpn.yml up -d
 
 # Main stack + VPN Protected Torrenting + Plex HW Transcoding
 docker-compose -f docker-compose.yml -f docker-compose.torrents-on-vpn.yml -f docker-compose.plex-hw.yml up -d
+
+# Main stack + VPN Protected Torrenting + Plex HW Transcoding + Custom domain & SSL certificates
+docker-compose -f docker-compose.yml -f docker-compose.torrents-on-vpn.yml -f docker-compose.plex-hw.yml -f docker-compose.traefik.yml up -d
 ```
 
 ## Stopping
@@ -48,6 +51,17 @@ Use `docker-compose down` adding `-f` flag with the same compose files you used
 ## Updating
 Watchtower automatically updates all apps (if docker image update is available) at 4 AM every day.
 
+## Custom domain + Let's Encrypt free certificates
+In case you own a domain like `example.com` and you'd like to configure subdomains pointing to your apps like `sonarr.example.com` or `plex.example.com`, do the following:
+1. Modify `.env`:
+```bash
+DOMAIN=example.com
+SSL_ACME_EMAIL=you@mail.com
+```
+2. Forward ports 80 and 443 to your mediabox (you can do that changing your router settings).
+3. Include `docker-compose.traefik.yml` when starting the stack
+4. Check the logs to verify everything is up and running: `docker logs -f traefik`
+
 ## VPN
 With OpenVPN you can use any VPN provider following these steps:
 

diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml
@@ -0,0 +1,38 @@
+version: "3.3"
+
+services:
+  traefik:
+    image: traefik
+    restart: always
+    container_name: traefik
+    ports:
+      - 80:80
+      - 443:443
+      - 8080:8080 # traefik dashboard
+    command:
+      - --api.insecure=true
+      - --api.dashboard=false
+      - --api.debug=true
+      - --log.level=DEBUG
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.network=default
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecured.address=:443
+      - --entrypoints.web.http.redirections.entryPoint.to=websecured
+      - --entrypoints.web.http.redirections.entryPoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+      - --certificatesresolvers.myresolver.acme.tlschallenge=true
+      - --certificatesresolvers.myresolver.acme.email=${SSL_ACME_EMAIL}
+      - --certificatesresolvers.myresolver.acme.storage=etc/traefik/acme/acme.json
+      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ${CONTAINERS}/traefik:/etc/traefik/acme
+    networks:
+      default:
+        ipv4_address: 172.20.50.1
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`)
+      - traefik.http.routers.api.service=api@internal
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -10,42 +10,6 @@ services:
       - ${HOME}/.docker/config.json:/config.json
     command: --label-enable --cleanup --schedule "0 0 4 * * *"
 
-  traefik:
-    image: traefik
-    restart: always
-    container_name: traefik
-    ports:
-      - 80:80
-      - 443:443
-      - 8080:8080 # traefik dashboard
-    command:
-      - --api.insecure=true
-      - --api.dashboard=false
-      - --api.debug=true
-      - --log.level=DEBUG
-      - --providers.docker=true
-      - --providers.docker.exposedbydefault=false
-      - --providers.docker.network=default
-      - --entrypoints.web.address=:80
-      - --entrypoints.websecured.address=:443
-      - --entrypoints.web.http.redirections.entryPoint.to=websecured
-      - --entrypoints.web.http.redirections.entryPoint.scheme=https
-      - --entrypoints.web.http.redirections.entrypoint.permanent=true
-      - --certificatesresolvers.myresolver.acme.tlschallenge=true
-      - --certificatesresolvers.myresolver.acme.email=${SSL_ACME_EMAIL}
-      - --certificatesresolvers.myresolver.acme.storage=etc/traefik/acme/acme.json
-      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ${CONTAINERS}/traefik:/etc/traefik/acme
-    networks:
-      default:
-        ipv4_address: 172.20.50.1
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`)
-      - traefik.http.routers.api.service=api@internal
-
   plex:
     image: linuxserver/plex
     container_name: plex