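---
# External Services Router
# For services running on other VMs (TrueNAS, etc.)
#
# Each "*-router" service below is a placeholder container that exists only to
# carry Traefik labels pointing at a host outside this Docker host. It must be
# *running* for Traefik's docker provider to read its labels, so it idles
# instead of exiting.
#
# Required in .env: TRUENAS_IP and NEXTCLOUD_PORT (the port Nextcloud listens
# on inside TrueNAS). Compose refuses to start if either is unset, instead of
# silently producing a backend URL with an empty host or a literal placeholder.
#
# NOTE(review): `loadbalancer.server.url` labels are honoured by the docker
# provider in Traefik v3; v2 derives the target from the placeholder's own IP.
# Confirm the Traefik version in use, or move these routes to the file provider.

version: "3.8"  # obsolete for Compose v2 (warning only); kept for older tooling

networks:
  services:
    external: true  # pre-existing LemonSec network that Traefik is attached to

services:
  # ===========================================================================
  # EXTERNAL NEXTCLOUD (on TrueNAS Scale)
  # ===========================================================================
  nextcloud-router:
    image: alpine:latest  # TODO(review): pin a tag/digest; `latest` is not reproducible
    container_name: nextcloud-router
    # Idle forever: an `echo` exits at once, and a stopped container is not
    # seen by Traefik, which would leave cloud.lemonlink.eu unrouted.
    command: ["tail", "-f", "/dev/null"]
    restart: unless-stopped
    # The process does nothing, so give it nothing: no capabilities, no
    # privilege escalation, read-only root filesystem.
    read_only: true
    cap_drop: [ALL]
    security_opt:
      - "no-new-privileges:true"
    networks:
      - services
    labels:
      - "traefik.enable=true"

      # --- Backend on TrueNAS -----------------------------------------------
      # Plain HTTP between Traefik and TrueNAS is acceptable only while that
      # hop stays on a trusted segment. Otherwise use the https variant below
      # with a serversTransport that verifies the TrueNAS certificate
      # (rootCAs / serverName) rather than insecureTransport@file, which skips
      # verification entirely.
      - "traefik.http.services.nextcloud.loadbalancer.server.url=http://${TRUENAS_IP:?TRUENAS_IP not set}:${NEXTCLOUD_PORT:?NEXTCLOUD_PORT not set}"
      # - "traefik.http.services.nextcloud.loadbalancer.server.url=https://${TRUENAS_IP:?TRUENAS_IP not set}:${NEXTCLOUD_PORT:?NEXTCLOUD_PORT not set}"
      # - "traefik.http.services.nextcloud.loadbalancer.server.scheme=https"
      # - "traefik.http.services.nextcloud.loadbalancer.serversTransport=insecureTransport@file"

      # --- Headers passed to / returned from Nextcloud ------------------------
      # Force https in X-Forwarded-Proto so Nextcloud builds https links. It
      # still needs this proxy listed in its own trusted_proxies /
      # overwriteprotocol settings (configured on TrueNAS, not here).
      - "traefik.http.middlewares.nextcloud-headers.headers.customRequestHeaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.nextcloud-headers.headers.customResponseHeaders.X-Frame-Options=SAMEORIGIN"

      # --- Browser entrypoint: public URL for family -------------------------
      - "traefik.http.routers.nextcloud.rule=Host(`cloud.lemonlink.eu`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
      - "traefik.http.routers.nextcloud.service=nextcloud"
      # AUTHENTICATION OPTIONS — exactly one middlewares line may be active;
      # a second one for the same router is a duplicate label and only one of
      # them wins.
      # Option A: no Authelia; Nextcloud handles login itself.
      #   Good for: family already has Nextcloud accounts.
      # - "traefik.http.routers.nextcloud.middlewares=security-headers@file,rate-limit@file,nextcloud-headers"
      # Option B/C: Authelia in front. Whether it asks for one factor (password)
      # or two (password + 2FA) is decided by the policy for cloud.lemonlink.eu
      # in Authelia's access_control, not by this label — the label is the same.
      - "traefik.http.routers.nextcloud.middlewares=authelia@docker,security-headers@file,rate-limit@file,nextcloud-headers"

      # --- WebDAV / CalDAV / CardDAV (desktop and mobile clients) ------------
      # The longer rule takes priority over the browser router for these paths.
      # Written as `||` of single-argument matchers so it parses under both the
      # v2 and v3 rule syntax (v3 dropped multi-argument PathPrefix).
      - "traefik.http.routers.nextcloud-dav.rule=Host(`cloud.lemonlink.eu`) && (PathPrefix(`/.well-known/carddav`) || PathPrefix(`/.well-known/caldav`) || PathPrefix(`/remote.php`))"
      - "traefik.http.routers.nextcloud-dav.entrypoints=websecure"
      - "traefik.http.routers.nextcloud-dav.tls.certresolver=letsencrypt"
      - "traefik.http.routers.nextcloud-dav.service=nextcloud"
      # NOTE(review): sync clients authenticate to Nextcloud with app passwords
      # and cannot complete Authelia's browser login, so with authelia@docker in
      # this chain they are expected to fail. The usual fix is a `bypass` rule
      # for these paths in Authelia's access_control (Nextcloud then does its
      # own auth), which keeps this chain intact. rate-limit@file is
      # deliberately not applied here: check its thresholds against sync
      # traffic before adding it.
      - "traefik.http.routers.nextcloud-dav.middlewares=authelia@docker,security-headers@file,nextcloud-headers"

  # ===========================================================================
  # OTHER EXTERNAL SERVICES
  # ===========================================================================
  # TrueNAS Web UI — admin surface: internal entrypoint only, never websecure.
  truenas-router:
    image: alpine:latest  # TODO(review): pin a tag/digest
    container_name: truenas-router
    command: ["tail", "-f", "/dev/null"]  # stay running so Traefik sees the labels
    restart: unless-stopped
    read_only: true
    cap_drop: [ALL]
    security_opt:
      - "no-new-privileges:true"
    networks:
      - services
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.truenas.rule=Host(`nas.local.lemonlink.eu`)"
      - "traefik.http.routers.truenas.entrypoints=internal"
      - "traefik.http.routers.truenas.tls.certresolver=letsencrypt"
      - "traefik.http.routers.truenas.middlewares=authelia@docker"
      - "traefik.http.routers.truenas.service=truenas"
      - "traefik.http.services.truenas.loadbalancer.server.url=https://${TRUENAS_IP:?TRUENAS_IP not set}:443"
      # insecureTransport@file (defined in the file provider) skips certificate
      # verification of the TrueNAS UI. Anyone who can answer for TRUENAS_IP on
      # the internal segment can then sit between Traefik and the NAS admin
      # session. Prefer a transport whose `rootCAs` holds the TrueNAS CA or
      # self-signed certificate, and drop this line.
      - "traefik.http.services.truenas.loadbalancer.serversTransport=insecureTransport@file"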