knet-array/downloader.docker-compose.yml

---
services:
  array-qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    network_mode: "service:array-gluetun"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
      - qbittorrent-config:/config
      - qbittorrent-data:/data
    depends_on:
      array-gluetun:
        condition: service_healthy
    healthcheck:
      # Checks if the WebUI is responding on the default port 8080
      test: ["CMD", "curl", "-f", "http://localhost:8080/"]
      interval: 1m
      timeout: 10s
      retries: 3
      start_period: 1m

  array-gluetun:
    image: qmcgaw/gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - gluetun:/gluetun
    networks:
      - array
    labels:
labels:
      - "traefik.enable=true"
      
      # 1. Create a STATIC router name (e.g., 'qbittorrent-secure')
      #    This replaces the dynamic 'https-0-uuid' name.
      - "traefik.http.routers.qbittorrent-secure.rule=Host(`qbittorrent.karmacoma.dev`)"
      
      # 2. Force High Priority
      #    This ensures Traefik uses THIS router (with Auth) instead of 
      #    any conflicting router Coolify might auto-generate.
      - "traefik.http.routers.qbittorrent-secure.priority=100"
      
      # 3. Standard Boilerplate (Required because we are making a manual router)
      - "traefik.http.routers.qbittorrent-secure.entrypoints=websecure"
      - "traefik.http.routers.qbittorrent-secure.tls=true"
      - "traefik.http.routers.qbittorrent-secure.tls.certresolver=letsencrypt"
      
      # 4. Attach the Middleware
      #    Now we can reference it because we know our own router's name!
      #    (Note: We use 'authentik@docker' to ensure we look for the middleware globally)
      - "traefik.http.routers.qbittorrent-secure.middlewares=gzip,authentik@docker"
      
      # 5. Service Mapping
      #    Tell the router to send traffic to the service port (8080 for qbit/gluetun)
      - "traefik.http.services.qbittorrent-secure.loadbalancer.server.port=8080"
networks:
  array:
    external: true