From 19cbff288eebddc124eff6441dbaa2b96c7791de Mon Sep 17 00:00:00 2001 From: Cristian Miranda Date: Tue, 25 Aug 2020 22:47:05 -0300 Subject: [PATCH] config[traefik]: Splitted from main stack --- README.md | 14 ++++++++++++++ docker-compose.traefik.yml | 38 ++++++++++++++++++++++++++++++++++++++ docker-compose.yml | 36 ------------------------------------ 3 files changed, 52 insertions(+), 36 deletions(-) create mode 100644 docker-compose.traefik.yml diff --git a/README.md b/README.md index 40926ca..02d5436 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,9 @@ docker-compose -f docker-compose.yml -f docker-compose.torrents-on-vpn.yml up -d # Main stack + VPN Protected Torrenting + Plex HW Transcoding docker-compose -f docker-compose.yml -f docker-compose.torrents-on-vpn.yml -f docker-compose.plex-hw.yml up -d + +# Main stack + VPN Protected Torrenting + Plex HW Transcoding + Custom domain & SSL certificates +docker-compose -f docker-compose.yml -f docker-compose.torrents-on-vpn.yml -f docker-compose.plex-hw.yml -f docker-compose.traefik.yml up -d ``` ## Stopping @@ -48,6 +51,17 @@ Use `docker-compose down` adding `-f` flag with the same compose files you used ## Updating Watchtower automatically updates all apps (if docker image update is available) at 4 AM every day. +## Custom domain + Let's Encrypt free certificates +In case you own a domain like `example.com` and you'd like to configure subdomains pointing to your apps like `sonarr.example.com` or `plex.example.com`, do the following: +1. Modify `.env`: +```bash +DOMAIN=example.com +SSL_ACME_EMAIL=you@mail.com +``` +2. Forward ports 80 and 443 to your mediabox (you can do that changing your router settings). +3. Include `docker-compose.traefik.yml` when starting the stack +4. Check the logs to verify everything is up and running: `docker logs -f traefik` + ## VPN With OpenVPN you can use any VPN provider following these steps: 
diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml
new file mode 100644
index 0000000..023c1fb
--- /dev/null
+++ b/docker-compose.traefik.yml
@@ -0,0 +1,38 @@
+version: "3.3"
+
+services:
+ traefik:
+ image: traefik
+ restart: always
+ container_name: traefik
+ ports:
+ - 80:80
+ - 443:443
+ - 8080:8080 # traefik dashboard
+ command:
+ - --api.insecure=true
+ - --api.dashboard=false
+ - --api.debug=true
+ - --log.level=DEBUG
+ - --providers.docker=true
+ - --providers.docker.exposedbydefault=false
+ - --providers.docker.network=default
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecured.address=:443
+ - --entrypoints.web.http.redirections.entryPoint.to=websecured
+ - --entrypoints.web.http.redirections.entryPoint.scheme=https
+ - --entrypoints.web.http.redirections.entrypoint.permanent=true
+ - --certificatesresolvers.myresolver.acme.tlschallenge=true
+ - --certificatesresolvers.myresolver.acme.email=${SSL_ACME_EMAIL}
+ - --certificatesresolvers.myresolver.acme.storage=etc/traefik/acme/acme.json
+ - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ${CONTAINERS}/traefik:/etc/traefik/acme
+ networks:
+ default:
+ ipv4_address: 172.20.50.1
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`)
+ - traefik.http.routers.api.service=api@internal
diff --git a/docker-compose.yml b/docker-compose.yml
index 071bd28..8a460b7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
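Review bot: In docker-compose.traefik.yml the Traefik API is served without authentication, because `--api.insecure=true` is combined with the published `8080:8080` mapping, so anything that can reach the host on port 8080 can read the proxy's configuration. I would set `- --api.insecure=false` and drop the `8080:8080` mapping. The `api` router label has no auth middleware either; if that router is meant to stay, guard it with `- traefik.http.routers.api.middlewares=api-auth` and `- traefik.http.middlewares.api-auth.basicauth.users=<htpasswd entry>` (placeholder value), since the README asks users to forward ports 80 and 443. `--api.debug=true` and `--log.level=DEBUG` are also worth turning off for an internet-facing proxy. Because this container handles untrusted traffic, the `/var/run/docker.sock` mount would be safer as `:ro` or behind a socket proxy.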
@@ -10,42 +10,6 @@ services: - ${HOME}/.docker/config.json:/config.json command: --label-enable --cleanup --schedule "0 0 4 * * *" - traefik: - image: traefik - restart: always - container_name: traefik - ports: - - 80:80 - - 443:443 - - 8080:8080 # traefik dashboard - command: - - --api.insecure=true - - --api.dashboard=false - - --api.debug=true - - --log.level=DEBUG - - --providers.docker=true - - --providers.docker.exposedbydefault=false - - --providers.docker.network=default - - --entrypoints.web.address=:80 - - --entrypoints.websecured.address=:443 - - --entrypoints.web.http.redirections.entryPoint.to=websecured - - --entrypoints.web.http.redirections.entryPoint.scheme=https - - --entrypoints.web.http.redirections.entrypoint.permanent=true - - --certificatesresolvers.myresolver.acme.tlschallenge=true - - --certificatesresolvers.myresolver.acme.email=${SSL_ACME_EMAIL} - - --certificatesresolvers.myresolver.acme.storage=etc/traefik/acme/acme.json - - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ${CONTAINERS}/traefik:/etc/traefik/acme - networks: - default: - ipv4_address: 172.20.50.1 - labels: - - traefik.enable=true - - traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`) - - traefik.http.routers.api.service=api@internal - plex: image: linuxserver/plex container_name: plex