--- services: array-qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest network_mode: "service:array-gluetun" environment: - PUID=1000 - PGID=1000 - TZ=Europe/Berlin volumes: - qbittorrent-config:/config - qbittorrent-data:/data depends_on: array-gluetun: condition: service_healthy healthcheck: # Checks if the WebUI is responding on the default port 8080 test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 1m timeout: 10s retries: 3 start_period: 1m array-gluetun: image: qmcgaw/gluetun # line above must be uncommented to allow external containers to connect. # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun ports: - 8888:8888/tcp # HTTP proxy - 8388:8388/tcp # Shadowsocks - 8388:8388/udp # Shadowsocks volumes: - gluetun:/gluetun networks: - array labels: - "traefik.enable=true" # 1. The Custom Router (High Priority) - "traefik.http.routers.qbittorrent-secure.rule=Host(`qbittorrent.karmacoma.dev`)" - "traefik.http.routers.qbittorrent-secure.entrypoints=websecure" - "traefik.http.routers.qbittorrent-secure.tls=true" # REMOVED: traefik.http.routers.qbittorrent-secure.tls.certresolver=letsencrypt # (We let Coolify's default router handle the cert generation) # 2. Priority 1000: This ensures YOUR router (with middleware) handles the traffic, # even though Coolify creates a default router for the same domain. - "traefik.http.routers.qbittorrent-secure.priority=1000" # 3. The Middleware (Security) - "traefik.http.routers.qbittorrent-secure.middlewares=authentik@docker" # 4. Service Definition - "traefik.http.services.qbittorrent-secure.loadbalancer.server.port=8080" # 5. Network (Crucial) - "traefik.docker.network=coolify" networks: array: external: true