72 lines
3 KiB
YAML
72 lines
3 KiB
YAML
---
|
|
services:
|
|
array-qbittorrent:
|
|
image: lscr.io/linuxserver/qbittorrent:latest
|
|
network_mode: "service:array-gluetun"
|
|
environment:
|
|
- PUID=1000
|
|
- PGID=1000
|
|
- TZ=Europe/Berlin
|
|
volumes:
|
|
- qbittorrent-config:/config
|
|
- /mnt/osirisbox:/data
|
|
- qbittorrent-incomplete:/incomplete
|
|
depends_on:
|
|
array-gluetun:
|
|
condition: service_healthy
|
|
healthcheck:
|
|
# Checks if the WebUI is responding on the default port 8080
|
|
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
|
|
interval: 1m
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 1m
|
|
|
|
array-gluetun:
|
|
image: qmcgaw/gluetun
|
|
# line above must be uncommented to allow external containers to connect.
|
|
# See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
|
|
cap_add:
|
|
- NET_ADMIN
|
|
devices:
|
|
- /dev/net/tun:/dev/net/tun
|
|
ports:
|
|
- 8888:8888/tcp # HTTP proxy
|
|
- 8388:8388/tcp # Shadowsocks
|
|
- 8388:8388/udp # Shadowsocks
|
|
environment:
|
|
- VPN_PORT_FORWARDING_UP_COMMAND=/bin/sh -c 'wget -O- --retry-connrefused --post-data "json={\"listen_port\":{{PORT}},\"current_network_interface\":\"{{VPN_INTERFACE}}\",\"random_port\":false,\"upnp\":false}" http://127.0.0.1:8080/api/v2/app/setPreferences 2>&1' VPN_PORT_FORWARDING_DOWN_COMMAND=/bin/sh -c 'wget -O- --retry-connrefused --post-data "json={\"listen_port\":0,\"current_network_interface\":\"lo"}" http://127.0.0.1:8080/api/v2/app/setPreferences 2>&1'
|
|
volumes:
|
|
- gluetun:/gluetun
|
|
networks:
|
|
- array
|
|
labels:
|
|
- "traefik.enable=true"
|
|
# Define a custom service pointing to port 8080 (qBittorrent WebUI)
|
|
- "traefik.http.services.gluetun-svc.loadbalancer.server.port=8080"
|
|
|
|
# --- SECURE ROUTER (HTTPS) ---
|
|
# 1. Match the domain
|
|
- "traefik.http.routers.gluetun-secure.rule=Host(`qbittorrent.karmacoma.dev`)"
|
|
# 2. Use HTTPS entrypoint
|
|
- "traefik.http.routers.gluetun-secure.entrypoints=https"
|
|
# 3. Enable TLS (SSL) using LetsEncrypt
|
|
- "traefik.http.routers.gluetun-secure.tls=true"
|
|
- "traefik.http.routers.gluetun-secure.tls.certresolver=letsencrypt"
|
|
# 4. Apply the Authentik Middleware (Check the name matches your dynamic config)
|
|
- "traefik.http.routers.gluetun-secure.middlewares=authentik-auth@file"
|
|
# 5. Point to the service we defined above
|
|
- "traefik.http.routers.gluetun-secure.service=gluetun-svc"
|
|
# 6. PRIORITY: This is the fix. Higher number wins over Coolify defaults.
|
|
- "traefik.http.routers.gluetun-secure.priority=100"
|
|
|
|
# --- OPTIONAL: HTTP REDIRECT (Standard Coolify behavior) ---
|
|
- "traefik.http.routers.gluetun-http.rule=Host(`qbittorrent.karmacoma.dev`)"
|
|
- "traefik.http.routers.gluetun-http.entrypoints=http"
|
|
- "traefik.http.routers.gluetun-http.middlewares=redirect-to-https"
|
|
- "traefik.http.routers.gluetun-http.priority=100"
|
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
|
|
|
networks:
|
|
array:
|
|
external: true
|