diff --git a/docker/authentik/docker-compose.toml b/docker/authentik/docker-compose.toml index dbeb58be..6ed612cb 100644 --- a/docker/authentik/docker-compose.toml +++ b/docker/authentik/docker-compose.toml @@ -20,13 +20,14 @@ env_file = [".env"] networks = ["authentik", "postgres", "proxy"] labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.authentik-redirect.entrypoints=http", "traefik.http.routers.authentik-redirect.rule=Host(`sso.korhonen.cc`)", "traefik.http.routers.authentik-redirect.middlewares=http2https@file", "traefik.http.routers.authentik.entrypoints=https", + "traefik.http.routers.authentik.middlewares=secHeaders@file", "traefik.http.routers.authentik.rule=Host(`sso.korhonen.cc`)", "traefik.http.routers.authentik.service=authentik", - "traefik.docker.network=proxy", "traefik.http.services.authentik.loadbalancer.server.port=9000", ] diff --git a/docker/freshrss/docker-compose.toml b/docker/freshrss/docker-compose.toml index 538cb1f3..30e28f6e 100644 --- a/docker/freshrss/docker-compose.toml +++ b/docker/freshrss/docker-compose.toml @@ -13,13 +13,14 @@ volumes = [ ] labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.freshrss-redirect.entrypoints=http", "traefik.http.routers.freshrss-redirect.rule=Host(`rss.korhonen.cc`)", "traefik.http.routers.freshrss-redirect.middlewares=http2https@file", "traefik.http.routers.freshrss.entrypoints=https", + "traefik.http.routers.freshrss.middlewares=secHeaders@file", "traefik.http.routers.freshrss.rule=Host(`rss.korhonen.cc`)", "traefik.http.routers.freshrss.service=freshrss", - "traefik.docker.network=proxy", "traefik.http.services.freshrss.loadbalancer.server.port=80", ] @@ -34,13 +35,14 @@ volumes = [ networks = ["freshrss", "proxy"] labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.bibliogram-redirect.entrypoints=http", "traefik.http.routers.bibliogram-redirect.rule=Host(`bibliogram.korhonen.cc`)", "traefik.http.routers.bibliogram-redirect.middlewares=http2https@file", "traefik.http.routers.bibliogram.entrypoints=https", + "traefik.http.routers.bibliogram.middlewares=secHeaders@file", "traefik.http.routers.bibliogram.rule=Host(`bibliogram.korhonen.cc`)", "traefik.http.routers.bibliogram.service=bibliogram", - "traefik.docker.network=proxy", "traefik.http.services.bibliogram.loadbalancer.server.port=10407", ] diff --git a/docker/gitea/docker-compose.toml b/docker/gitea/docker-compose.toml index 6fac0acf..ca40968d 100644 --- a/docker/gitea/docker-compose.toml +++ b/docker/gitea/docker-compose.toml @@ -10,13 +10,14 @@ ports = ["3000:3000", "22:22"] volumes = ["/docker/gitea:/data", "/etc/localtime:/etc/localtime:ro"] labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.gitea-redirect.entrypoints=http", "traefik.http.routers.gitea-redirect.rule=Host(`git.korhonen.cc`)", "traefik.http.routers.gitea-redirect.middlewares=http2https@file", "traefik.http.routers.gitea.entrypoints=https", + "traefik.http.routers.gitea.middlewares=secHeaders@file", "traefik.http.routers.gitea.rule=Host(`git.korhonen.cc`)", "traefik.http.routers.gitea.service=gitea", - "traefik.docker.network=proxy", "traefik.http.services.gitea.loadbalancer.server.port=3000", ] diff --git a/docker/homeautomation/docker-compose.toml b/docker/homeautomation/docker-compose.toml index 65503e20..5aedcb39 100644 --- a/docker/homeautomation/docker-compose.toml +++ b/docker/homeautomation/docker-compose.toml @@ -15,13 +15,14 @@ ports = ["8123:8123", "8300:8300"] depends_on = ["mosquitto"] labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.home-assistant-redirect.entrypoints=http", "traefik.http.routers.home-assistant-redirect.rule=Host(`home.korhonen.cc`)", "traefik.http.routers.home-assistant-redirect.middlewares=http2https@file", "traefik.http.routers.home-assistant.entrypoints=https", + "traefik.http.routers.home-assistant.middlewares=secHeaders@file", "traefik.http.routers.home-assistant.rule=Host(`home.korhonen.cc`)", "traefik.http.routers.home-assistant.service=home-assistant", - "traefik.docker.network=proxy", "traefik.http.services.home-assistant.loadbalancer.server.port=8123", ] @@ -70,13 +71,14 @@ restart = "unless-stopped" depends_on = ["home-assistant"] labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.node-red-redirect.entrypoints=http", "traefik.http.routers.node-red-redirect.rule=Host(`node.korhonen.cc`)", "traefik.http.routers.node-red-redirect.middlewares=http2https@file", "traefik.http.routers.node-red.entrypoints=https", "traefik.http.routers.node-red.rule=Host(`node.korhonen.cc`)", + "traefik.http.routers.node-red.middlewares=secHeaders@file", "traefik.http.routers.node-red.service=node-red", - "traefik.docker.network=proxy", "traefik.http.services.node-red.loadbalancer.server.port=1880", ] diff --git a/docker/index.korhonen.cc/docker-compose.toml b/docker/index.korhonen.cc/docker-compose.toml index ea4eb287..9bbec60c 100644 --- a/docker/index.korhonen.cc/docker-compose.toml +++ b/docker/index.korhonen.cc/docker-compose.toml @@ -9,13 +9,14 @@ networks = ["proxy"] restart = "unless-stopped" labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.index-redirect.entrypoints=http", "traefik.http.routers.index-redirect.rule=Host(`index.korhonen.cc`)", "traefik.http.routers.index-redirect.middlewares=http2https@file", "traefik.http.routers.index.entrypoints=https", + "traefik.http.routers.index.middlewares=secHeaders@file", "traefik.http.routers.index.rule=Host(`index.korhonen.cc`)", "traefik.http.routers.index.service=index", - "traefik.docker.network=proxy", "traefik.http.services.index.loadbalancer.server.port=80", ] diff --git a/docker/jellyfin/docker-compose.toml b/docker/jellyfin/docker-compose.toml index 0ea17c77..3e3a2f38 100644 --- a/docker/jellyfin/docker-compose.toml +++ b/docker/jellyfin/docker-compose.toml @@ -19,13 +19,14 @@ devices = [ ] labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.jellyfin-redirect.entrypoints=http", "traefik.http.routers.jellyfin-redirect.rule=Host(`jellyfin.korhonen.cc`)", "traefik.http.routers.jellyfin-redirect.middlewares=http2https@file", "traefik.http.routers.jellyfin.entrypoints=https", + "traefik.http.routers.gitea.middlewares=secHeaders@file", "traefik.http.routers.jellyfin.rule=Host(`jellyfin.korhonen.cc`)", "traefik.http.routers.jellyfin.service=jellyfin", - "traefik.docker.network=proxy", "traefik.http.services.jellyfin.loadbalancer.server.port=8096", ] diff --git a/docker/korhonen.cc/docker-compose.toml b/docker/korhonen.cc/docker-compose.toml index dd7e144a..41ca73b4 100644 --- a/docker/korhonen.cc/docker-compose.toml +++ b/docker/korhonen.cc/docker-compose.toml @@ -3,18 +3,22 @@ [services.nginx] image = "nginx" container_name = "korhonen.cc" -volumes = ["/docker/korhonen.cc:/korhonen.cc:ro", "./nginx.conf:/etc/nginx/conf.d/default.conf"] +volumes = [ + "/docker/korhonen.cc:/korhonen.cc:ro", + "./nginx.conf:/etc/nginx/conf.d/default.conf", +] networks = ["proxy"] restart = "unless-stopped" labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.korhonen-redirect.entrypoints=http", "traefik.http.routers.korhonen-redirect.rule=Host(`korhonen.cc`)", "traefik.http.routers.korhonen-redirect.middlewares=http2https@file", "traefik.http.routers.korhonen.entrypoints=https", + "traefik.http.routers.korhonen.middlewares=secHeaders@file", "traefik.http.routers.korhonen.rule=Host(`korhonen.cc`)", "traefik.http.routers.korhonen.service=korhonen", - "traefik.docker.network=proxy", "traefik.http.services.korhonen.loadbalancer.server.port=80", ] diff --git a/docker/pihole/docker-compose.toml b/docker/pihole/docker-compose.toml index 27f4af69..4006a3dc 100644 --- a/docker/pihole/docker-compose.toml +++ b/docker/pihole/docker-compose.toml @@ -14,13 +14,14 @@ cap_add = ["NET_ADMIN"] restart = "unless-stopped" labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.pihole-redirect.entrypoints=http", "traefik.http.routers.pihole-redirect.rule=Host(`pihole.korhonen.cc`)", "traefik.http.routers.pihole-redirect.middlewares=http2https@file", "traefik.http.routers.pihole.entrypoints=https", + "traefik.http.routers.pihole.middlewares=secHeaders@file", "traefik.http.routers.pihole.rule=Host(`pihole.korhonen.cc`)", "traefik.http.routers.pihole.service=pihole", - "traefik.docker.network=proxy", "traefik.http.services.pihole.loadbalancer.server.port=80", ] diff --git a/docker/traefik/docker-compose.toml b/docker/traefik/docker-compose.toml index 828784d7..d8b46f4e 100644 --- a/docker/traefik/docker-compose.toml +++ b/docker/traefik/docker-compose.toml @@ -19,15 +19,16 @@ volumes = [ ] labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.redirect.entrypoints=http", "traefik.http.routers.redirect.rule=Host(`traefik.korhonen.cc`)", "traefik.http.routers.redirect.middlewares=http2https@file", "traefik.http.routers.dashboard.entrypoints=https", + "traefik.http.routers.dashboard.middlewares=secHeaders@file", "traefik.http.routers.dashboard.rule=Host(`traefik.korhonen.cc`)", "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/dashboard-users", "traefik.http.routers.dashboard.middlewares=dashboard-auth", "traefik.http.routers.dashboard.service=api@internal", - "traefik.docker.network=proxy", ] [services.fail2ban] diff --git a/docker/tvheadend/docker-compose.toml b/docker/tvheadend/docker-compose.toml index c3aef502..dd2f1c2c 100644 --- a/docker/tvheadend/docker-compose.toml +++ b/docker/tvheadend/docker-compose.toml @@ -16,13 +16,14 @@ restart = "unless-stopped" networks = ["proxy"] labels = [ "traefik.enable=true", + "traefik.docker.network=proxy", "traefik.http.routers.tvheadend-redirect.entrypoints=http", "traefik.http.routers.tvheadend-redirect.rule=Host(`tvheadend.korhonen.cc`)", "traefik.http.routers.tvheadend-redirect.middlewares=http2https@file", "traefik.http.routers.tvheadend.entrypoints=https", + "traefik.http.routers.tvheadend.middlewares=secHeaders@file", "traefik.http.routers.tvheadend.rule=Host(`tvheadend.korhonen.cc`)", "traefik.http.routers.tvheadend.service=tvheadend", - "traefik.docker.network=proxy", "traefik.http.services.tvheadend.loadbalancer.server.port=9981", ]