Move to traefik proxy

docker/gitea/docker-compose.yaml

@@ -1,9 +1,5 @@
 version: '2'
 
-networks:
-  gitea:
-    external: false
-
 services:
   gitea:
     container_name: gitea
@@ -20,14 +16,30 @@ services:
     restart: always
     networks:
       - gitea
-    volumes:
-      - /docker/gitea/gitea:/data
-      - /etc/localtime:/etc/localtime:ro
+      - proxy
     ports:
       - '3000:3000'
       - '222:22'
     depends_on:
       - mariadb-gitea
+    volumes:
+      - /docker/gitea/gitea:/data
+      - /etc/localtime:/etc/localtime:ro
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.gitea-redirect.entrypoints=http'
+      - 'traefik.http.routers.gitea-redirect.rule=Host(`git.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.gitea-redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.gitea.entrypoints=https'
+      - 'traefik.http.routers.gitea.rule=Host(`git.reekynet.com`)'
+      - 'traefik.http.routers.gitea.tls=true'
+      - 'traefik.http.routers.gitea.tls.certresolver=http'
+      - 'traefik.http.routers.gitea.service=gitea'
+      - 'traefik.docker.network=proxy'
+      - 'traefik.http.services.gitea.loadbalancer.server.port=3000'
 
   mariadb-gitea:
     container_name: mariadb-gitea
@@ -41,3 +53,9 @@ services:
     volumes:
       - /docker/gitea/mariadb:/var/lib/mysql
       - /etc/localtime:/etc/localtime:ro
+
+networks:
+  gitea:
+    external: false
+  proxy:
+    external: true

docker/homeautomation/docker-compose.yml

@@ -9,10 +9,29 @@ services:
       - /docker/homeautomation/home-assistant:/config
       - /etc/localtime:/etc/localtime:ro
     restart: always
-    network_mode: host
+    networks:
+      - home-assistant
+      - proxy
+    ports:
+      - '8123:8123'
     depends_on:
       - deconz
       - mosquitto
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.home-assistant-redirect.entrypoints=http'
+      - 'traefik.http.routers.home-assistant-redirect.rule=Host(`home.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.home-assistant-redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.home-assistant.entrypoints=https'
+      - 'traefik.http.routers.home-assistant.rule=Host(`home.reekynet.com`)'
+      - 'traefik.http.routers.home-assistant.tls=true'
+      - 'traefik.http.routers.home-assistant.tls.certresolver=http'
+      - 'traefik.http.routers.home-assistant.service=home-assistant'
+      - 'traefik.docker.network=proxy'
+      - 'traefik.http.services.home-assistant.loadbalancer.server.port=8123'
 
   deconz:
     container_name: deconz
@@ -39,6 +58,9 @@ services:
     image: nodered/node-red
     environment:
       - TZ=Europe/Helsinki
+    networks:
+      - home-assistant
+      - proxy
     ports:
       - '1880:1880'
     volumes:
@@ -47,6 +69,21 @@ services:
     restart: always
     depends_on:
       - home-assistant
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.node-red-redirect.entrypoints=http'
+      - 'traefik.http.routers.node-red-redirect.rule=Host(`node.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.node-red-redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.node-red.entrypoints=https'
+      - 'traefik.http.routers.node-red.rule=Host(`node.reekynet.com`)'
+      - 'traefik.http.routers.node-red.tls=true'
+      - 'traefik.http.routers.node-red.tls.certresolver=http'
+      - 'traefik.http.routers.node-red.service=node-red'
+      - 'traefik.docker.network=proxy'
+      - 'traefik.http.services.node.loadbalancer.server.port=1880'
 
   mosquitto:
     container_name: mosquitto
@@ -65,9 +102,15 @@ services:
     environment:
       - TZ=Europe/Helsinki
       - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
-    ports:
-      - '3308:3306'
+    networks:
+      - home-assistant
     volumes:
       - /docker/homeautomation/mariadb:/var/lib/mysql
       - /etc/localtime:/etc/localtime:ro
     restart: always
+
+networks:
+  home-assistant:
+    external: false
+  proxy:
+    external: true

docker/jellyfin/docker-compose.yaml

@@ -6,10 +6,32 @@ services:
     environment:
       - TZ=Europe/Helsinki
     user: 1001:985
-    network_mode: 'host'
+    ports:
+      - '8096:8096'
+    networks:
+      - proxy
     restart: always
     volumes:
       - /docker/jellyfin/config:/config
       - /docker/jellyfin/cache:/cache
       - /mnt/Storage/Media:/media
       - /etc/localtime:/etc/localtime:ro
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.jellyfin-redirect.entrypoints=http'
+      - 'traefik.http.routers.jellyfin-redirect.rule=Host(`jellyfin.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.jellyfin-redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.jellyfin.entrypoints=https'
+      - 'traefik.http.routers.jellyfin.rule=Host(`jellyfin.reekynet.com`)'
+      - 'traefik.http.routers.jellyfin.tls=true'
+      - 'traefik.http.routers.jellyfin.tls.certresolver=http'
+      - 'traefik.http.routers.jellyfin.service=jellyfin'
+      - 'traefik.docker.network=proxy'
+      - 'traefik.http.services.jellyfin.loadbalancer.server.port=8096'
+
+networks:
+  proxy:
+    external: true

docker/portainer/docker-compose.yaml

@@ -6,9 +6,28 @@ services:
     environment:
       - TZ=Europe/Helsinki
     restart: always
-    ports:
-      - '9000:9000'
+    networks:
+      - proxy
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /docker/portainer:/data
       - /etc/localtime:/etc/localtime:ro
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.portainer-redirect.entrypoints=http'
+      - 'traefik.http.routers.portainer-redirect.rule=Host(`portainer.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.portainer-redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.portainer.entrypoints=https'
+      - 'traefik.http.routers.portainer.rule=Host(`portainer.reekynet.com`)'
+      - 'traefik.http.routers.portainer.tls=true'
+      - 'traefik.http.routers.portainer.tls.certresolver=http'
+      - 'traefik.http.routers.portainer.service=portainer'
+      - 'traefik.docker.network=proxy'
+      - 'traefik.http.services.portainer.loadbalancer.server.port=9000'
+
+networks:
+  proxy:
+    external: true

docker/traefik/docker-compose.yaml

@@ -0,0 +1,41 @@
+version: '3'
+
+services:
+  traefik:
+    image: traefik:v2.0
+    container_name: traefik
+    restart: unless-stopped
+    ports:
+      - '80:80'
+      - '443:443'
+    environment:
+      - TZ=Europe/Helsinki
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - proxy
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /docker/traefik/traefik.yml:/traefik.yml:ro
+      - /docker/traefik/dashboard-users:/dashboard-users:ro
+      - /docker/traefik/acme.json:/acme.json
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.redirect.entrypoints=http'
+      - 'traefik.http.routers.redirect.rule=Host(`traefik.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.dashboard.entrypoints=https'
+      - 'traefik.http.routers.dashboard.rule=Host(`traefik.reekynet.com`)'
+      - 'traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/dashboard-users'
+      - 'traefik.http.routers.dashboard.middlewares=dashboard-auth'
+      - 'traefik.http.routers.dashboard.tls=true'
+      - 'traefik.http.routers.dashboard.tls.certresolver=http'
+      - 'traefik.http.routers.dashboard.service=api@internal'
+
+networks:
+  proxy:
+    external: true