docker-compose.yml
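# Compose stack: Traefik fronts nginx (static pages) and Mosquitto (MQTT);
# Portainer, zigbee2mqtt, Node-RED and InfluxDB publish their own host ports.
# ${REMOTE_HOST} and ${LOCAL_HOST} are substituted by Compose at load time.
#
# NOTE(review): several images are untagged or use `latest`, so an image
# pull can change behaviour without any change to this file. Pin each image
# to a tested tag or digest.
version: '3.4'

services:
  traefik:
    container_name: traefik
    # NOTE(review): the labels below use the `ipwhitelist` middleware, which
    # newer Traefik releases deprecate in favour of `ipallowlist`. With an
    # unpinned tag, confirm after every upgrade that both allow-list
    # middlewares still load and are still applied to their routers.
    image: traefik:latest
    restart: unless-stopped
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 1883
        published: 1883
        mode: host
      - target: 8883
        published: 8883
        mode: host
    volumes:
      # The Docker socket gives this internet-facing container control of the
      # Docker daemon, which is root-equivalent on the host. `:ro` only
      # protects the socket file itself and does not limit API calls; a
      # filtering socket proxy is the stronger control.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Static configuration is only read by Traefik, so mount it read-only.
      - ./volumes/traefik/config/traefik.yml:/etc/traefik/traefik.yml:ro
      # ACME storage must stay writable; it holds certificate private keys,
      # so keep host permissions on this directory tight.
      - ./volumes/traefik/acme:/etc/traefik/acme
    # NOTE(review): entrypoint names (web, websecure, mqtt, mqttsecure) and
    # the `myresolver` cert resolver are defined in traefik.yml, which is not
    # shown here. Also confirm the Docker provider sets
    # `exposedByDefault: false`, otherwise containers without
    # `traefik.enable` labels may get routers too.
    labels:
      - "traefik.enable=true"
      # middleware: redirect to https
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      # middleware: only loopback and the 192.168.1.0/24 LAN may pass
      - "traefik.http.middlewares.allow_ip_local.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.0/24"
      - "traefik.http.middlewares.replacepath_web_remote.replacepath.path=/web_remote/"
      - "traefik.http.middlewares.replacepath_web_local.replacepath.path=/web_local/"
      - "traefik.http.middlewares.replacepath_web_test.replacepath.path=/web_test/"
      - "traefik.tcp.middlewares.tcp_allow_ip_local.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.0/24"
      # router http: redirect http://REMOTE_HOST to https
      - "traefik.http.routers.web_to_websecure.rule=Host(`${REMOTE_HOST}`) && Path(`/`)"
      - "traefik.http.routers.web_to_websecure.middlewares=https-redirect"
      - "traefik.http.routers.web_to_websecure.entrypoints=web"
      # this is a fake service which will never get called but is necessary for the config
      - "traefik.http.routers.redirect_router.service=noop"
      - "traefik.http.services.noop.loadBalancer.server.url=192.168.1.1"
      - "traefik.http.services.noop.loadbalancer.server.port=80"
      # api & dashboard only for local host
      # Served over plain HTTP on `web`; the allow_ip_local middleware is the
      # only access control visible in this file.
      - "traefik.http.routers.local_api_router.rule=Host(`${LOCAL_HOST}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.local_api_router.entrypoints=web"
      - "traefik.http.routers.local_api_router.middlewares=allow_ip_local"
      - "traefik.http.routers.local_api_router.service=api@internal"
    networks:
      - traefik

  nginx:
    container_name: nginx
    image: nginx:alpine
    restart: unless-stopped
    # Was `ports: [{target: 80}]`. A port entry without `published` is bound
    # to a random host port, which makes nginx reachable directly and bypasses
    # the Traefik routers and the allow_ip_local middleware. Traefik reaches
    # the container over the shared `traefik` network, so `expose` suffices.
    expose:
      - "80"
    volumes:
      - ./volumes/nginx/html:/usr/share/nginx/html:ro
    labels:
      - "traefik.enable=true"
      # show https web page to outside world, we currently only have the index.html
      - "traefik.http.routers.remote_websecure.rule=Host(`${REMOTE_HOST}`) && Path(`/`)"
      - "traefik.http.routers.remote_websecure.entrypoints=websecure"
      - "traefik.http.routers.remote_websecure.middlewares=replacepath_web_remote"
      - "traefik.http.routers.remote_websecure.tls=true"
      - "traefik.http.routers.remote_websecure.tls.certresolver=myresolver"
      # the local web page is http only and contains links to all services
      - "traefik.http.routers.local_websecure.rule=Host(`${LOCAL_HOST}`) && Path(`/`)"
      - "traefik.http.routers.local_websecure.entrypoints=web"
      - "traefik.http.routers.local_websecure.middlewares=allow_ip_local,replacepath_web_local"
      # a testpoint for http from remote (80 needs to be redirected for acme to work)
      - "traefik.http.routers.remote_html_testpoint.rule=Host(`${REMOTE_HOST}`) && Path(`/testpoint`)"
      - "traefik.http.routers.remote_html_testpoint.entrypoints=web"
      - "traefik.http.routers.remote_html_testpoint.middlewares=replacepath_web_test"
    networks:
      - traefik

  mosquitto:
    container_name: mosquitto
    image: eclipse-mosquitto
    restart: unless-stopped
    environment:
      - TZ=Europe/Amsterdam
    # Was `ports: [{target: 1883, protocol: tcp}]`, which binds a random host
    # port and lets clients reach the broker without passing through
    # tcp_allow_ip_local. Traefik and the node-red-net services connect over
    # the Docker networks, so no host port is needed.
    expose:
      - "1883"
    volumes:
      - ./volumes/mosquitto/data:/mosquitto/data
      - ./volumes/mosquitto/config:/mosquitto/config
      - ./volumes/mosquitto/log:/mosquitto/log
    labels:
      - "traefik.enable=true"
      - "traefik.tcp.services.mosquitto.loadbalancer.server.port=1883"
      # mqtt router
      # Plain-text MQTT: any SNI, limited to local source addresses.
      - "traefik.tcp.routers.mqtt.entrypoints=mqtt"
      - "traefik.tcp.routers.mqtt.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.mqtt.service=mosquitto"
      - "traefik.tcp.routers.mqtt.middlewares=tcp_allow_ip_local"
      # tls mqtt router
      # NOTE(review): this router has no IP allow-list, so the broker's own
      # authentication is the only gate for remote clients. Verify that the
      # mounted mosquitto config disables anonymous access
      # (`allow_anonymous false`) and defines a password file or ACLs.
      - "traefik.tcp.routers.mqttsecure.entrypoints=mqttsecure"
      - "traefik.tcp.routers.mqttsecure.rule=HostSNI(`${REMOTE_HOST}`)"
      - "traefik.tcp.routers.mqttsecure.service=mosquitto"
      - "traefik.tcp.routers.mqttsecure.tls=true"
    networks:
      - node-red-net
      - traefik

  portainer-ce:
    container_name: portainer-ce
    image: portainer/portainer-ce
    restart: unless-stopped
    # NOTE(review): both ports bind on all host interfaces and are not routed
    # through Traefik, so no allow-list applies. Combined with the Docker
    # socket below, whoever can log in on 9000 controls the host. Confirm
    # these ports are not forwarded from the internet, or bind them to a LAN
    # address.
    ports:
      - "8000:8000"
      - "9000:9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./volumes/portainer-ce/data:/data
    networks:
      - node-red-net

  zigbee2mqtt:
    container_name: zigbee2mqtt
    image: koenkk/zigbee2mqtt
    restart: unless-stopped
    environment:
      - TZ=Europe/Amsterdam
    devices:
      - /dev/ttyUSB0:/dev/ttyACM0
    networks:
      - node-red-net
    ports:
      - "8085:8085"
    volumes:
      - ./volumes/zigbee2mqtt/data:/app/data
      - /run/udev:/run/udev:ro
    # NOTE(review): `privileged` grants the container full host device and
    # capability access. The serial adapter is already mapped under
    # `devices`, so test whether the container runs without this flag and
    # drop it if so.
    privileged: true
    depends_on:
      - mosquitto

  node-red:
    container_name: node-red
    image: node-red-ext
    build: ./setup/node-red/.
    restart: unless-stopped
    environment:
      - TZ=Europe/Amsterdam
    # NOTE(review): the editor port is published on all host interfaces.
    # Confirm `adminAuth` is set in the Node-RED settings under ./volumes,
    # since the editor can deploy flows that execute code.
    ports:
      - "1880:1880"
    networks:
      - node-red-net
    volumes:
      - ./volumes/node-red/data:/data

  influxdb2:
    container_name: influxdb2
    image: "influxdb:2.0"
    restart: unless-stopped
    # Published on all host interfaces; access control is left to InfluxDB's
    # own tokens.
    ports:
      - "8086:8086"
    volumes:
      - ./volumes/influxdb2/data:/var/lib/influxdb2
    networks:
      - node-red-net

networks:
  # Internal network shared by the automation services.
  node-red-net: {}
  # Network Traefik uses to reach the backends it routes to.
  traefik: {}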