traefik locally and pihole
master
This commit is contained in:
Maciej Krok
parent
7a14570601
commit
1770a57860
59
pihole/pihole.yaml
Normal file
59
pihole/pihole.yaml
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
version: "3.4"
|
||||||
|
services:
|
||||||
|
pihole:
|
||||||
|
image: pihole/pihole:latest
|
||||||
|
ports:
|
||||||
|
- target: 53
|
||||||
|
published: 53
|
||||||
|
protocol: tcp
|
||||||
|
mode: host
|
||||||
|
- target: 53
|
||||||
|
published: 53
|
||||||
|
protocol: udp
|
||||||
|
mode: host
|
||||||
|
- target: 67
|
||||||
|
published: 67
|
||||||
|
protocol: udp
|
||||||
|
mode: host
|
||||||
|
environment:
|
||||||
|
TZ: 'Europe/Warsaw'
|
||||||
|
DNS1: "8.8.8.8"
|
||||||
|
DNS2: "1.1.1.1"
|
||||||
|
cap_add:
|
||||||
|
- CAP_NET_BIND_SERVICE
|
||||||
|
- NET_ADMIN
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
- traefik-net
|
||||||
|
volumes:
|
||||||
|
- pihole_etc:/etc/pihole/
|
||||||
|
- pihole_dnsmasq:/etc/dnsmasq.d/
|
||||||
|
- "/etc/resolv.conf:/etc/resolv.conf:ro"
|
||||||
|
deploy:
|
||||||
|
mode: replicated
|
||||||
|
replicas: 1
|
||||||
|
restart_policy:
|
||||||
|
condition: any
|
||||||
|
delay: 5s
|
||||||
|
labels:
|
||||||
|
traefik.enable: "true"
|
||||||
|
traefik.frontend.rule: "Host:${HOST}"
|
||||||
|
traefik.port: 80
|
||||||
|
traefik.frontend.entryPoints: localhttp,localhttps
|
||||||
|
traefik.docker.network: traefik-net
|
||||||
|
traefik.frontend.headers.STSSeconds: 63072000
|
||||||
|
traefik.frontend.headers.STSIncludeSubdomains: "true"
|
||||||
|
traefik.frontend.headers.STSPreload: "true"
|
||||||
|
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
pihole_dnsmasq:
|
||||||
|
pihole_etc:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external:
|
||||||
|
traefik-net:
|
||||||
|
external: true
|
||||||
|
|
||||||
|
### Environment variables
|
||||||
|
# HOST
|
||||||
@ -10,9 +10,10 @@ services:
|
|||||||
- --api.entryPoint=traefik
|
- --api.entryPoint=traefik
|
||||||
- --api.dashboard=true
|
- --api.dashboard=true
|
||||||
- --debug=false
|
- --debug=false
|
||||||
- --entryPoints=Name:http Address::80 Compress:true Redirect.EntryPoint:https
|
- --entryPoints=Name:http Address::1380 Compress:true Redirect.EntryPoint:https
|
||||||
- --entryPoints=Name:https Address::443 TLS Compress:true TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
- --entryPoints=Name:https Address::13443 TLS Compress:true TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
- --logLevel=INFO
|
- --entryPoints=Name:localhttp Address::80 Compress:true Redirect.EntryPoint:localhttps
|
||||||
|
- --entryPoints=Name:localhttps Address::443 TLS Compress:true TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - --logLevel=INFO
|
||||||
- --accessLog.format=json
|
- --accessLog.format=json
|
||||||
- --docker
|
- --docker
|
||||||
- --docker.endpoint=unix:///var/run/docker.sock
|
- --docker.endpoint=unix:///var/run/docker.sock
|
||||||
@ -34,6 +35,14 @@ services:
|
|||||||
published: 443
|
published: 443
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
mode: host
|
mode: host
|
||||||
|
- target: 1380
|
||||||
|
published: ${PUBLICHTTPPORT}
|
||||||
|
protocol: tcp
|
||||||
|
mode: host
|
||||||
|
- target: 13443
|
||||||
|
published: ${PUBLICHTTPSPORT}
|
||||||
|
protocol: tcp
|
||||||
|
mode: host
|
||||||
- target: 8080
|
- target: 8080
|
||||||
published: ${ADMINPORT}
|
published: ${ADMINPORT}
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
@ -42,6 +51,7 @@ services:
|
|||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- acmeData:/acme
|
- acmeData:/acme
|
||||||
- tmp:/tmp
|
- tmp:/tmp
|
||||||
|
- tlsData:/tls
|
||||||
networks:
|
networks:
|
||||||
- traefik-net
|
- traefik-net
|
||||||
- external
|
- external
|
||||||
@ -50,6 +60,19 @@ services:
|
|||||||
placement:
|
placement:
|
||||||
constraints:
|
constraints:
|
||||||
- node.role == manager
|
- node.role == manager
|
||||||
|
restart_policy:
|
||||||
|
condition: any
|
||||||
|
delay: 5s
|
||||||
|
labels:
|
||||||
|
traefik.enable: "true"
|
||||||
|
traefik.frontend.rule: "Host:traefik.lan"
|
||||||
|
traefik.port: 8080
|
||||||
|
traefik.frontend.entryPoints: localhttp,localhttps
|
||||||
|
traefik.docker.network: traefik-net
|
||||||
|
traefik.frontend.headers.STSSeconds: 63072000
|
||||||
|
traefik.frontend.headers.STSIncludeSubdomains: "true"
|
||||||
|
traefik.frontend.headers.STSPreload: "true"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
external:
|
external:
|
||||||
traefik-net:
|
traefik-net:
|
||||||
@ -58,10 +81,13 @@ networks:
|
|||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
acmeData:
|
acmeData:
|
||||||
|
tlsData:
|
||||||
tmp:
|
tmp:
|
||||||
|
|
||||||
|
|
||||||
### Environment variables
|
### Environment variables
|
||||||
# ADMINPORT 8080
|
# ADMINPORT 8080
|
||||||
|
# PUBLICHTTPPORT 1380
|
||||||
|
# PUBLICHTTPSPORT 13443
|
||||||
# DOCKER_DOMAIN
|
# DOCKER_DOMAIN
|
||||||
# ACME_EMAIL
|
# ACME_EMAIL
|
||||||
@ -1,4 +1,4 @@
|
|||||||
version: '3'
|
version: '3.4'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
db:
|
db:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user