version: "3.9" services: traefik: image: traefik:v2.6 container_name: traefik command: - --providers.docker=true - --providers.docker.exposedbydefault=false - --entrypoints.web.address=:80 - --entrypoints.web-secure.address=:443 - --entrypoints.web.http.redirections.entryPoint.to=web-secure - --entrypoints.web.http.redirections.entryPoint.scheme=https - --entrypoints.web.http.redirections.entrypoint.permanent=true ports: - "80:80" - "443:443" volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" sonarr: image: lscr.io/linuxserver/sonarr container_name: sonarr environment: - PUID=${USER_ID} - PGID=${GROUP_ID} volumes: - ./sonarr:/config - ${DATA_ROOT}:/data restart: unless-stopped labels: - traefik.enable=true - traefik.http.routers.sonarr.rule=PathPrefix(`/sonarr`) - traefik.http.services.sonarr.loadbalancer.server.port=8989 - traefik.http.routers.sonarr.tls=true radarr: image: lscr.io/linuxserver/radarr container_name: radarr environment: - PUID=${USER_ID} - PGID=${GROUP_ID} volumes: - ./radarr:/config - ${DATA_ROOT}:/data restart: unless-stopped labels: - traefik.enable=true - traefik.http.routers.radarr.rule=PathPrefix(`/radarr`) - traefik.http.routers.radarr.tls=true - traefik.http.services.radarr.loadbalancer.server.port=7878 prowlarr: image: lscr.io/linuxserver/prowlarr:develop container_name: prowlarr environment: - PUID=${USER_ID} - PGID=${GROUP_ID} volumes: - ./prowlarr:/config restart: unless-stopped labels: - traefik.enable=true - traefik.http.routers.prowlarr.rule=PathPrefix(`/prowlarr`) - traefik.http.routers.prowlarr.tls=true - traefik.http.services.prowlarr.loadbalancer.server.port=9696 qbittorrent: image: lscr.io/linuxserver/qbittorrent:14.3.9 container_name: qbittorrent environment: - PUID=${USER_ID} - PGID=${GROUP_ID} - TZ=${TIMEZONE} - WEBUI_PORT=8080 volumes: - ./qbittorrent:/config - ${DOWNLOAD_ROOT}:/data/torrents restart: unless-stopped network_mode: "service:vpn" depends_on: - vpn labels: - traefik.enable=true - traefik.http.routers.qbittorrent.rule=PathPrefix(`/qbittorrent`) - traefik.http.routers.qbittorrent.tls=true - traefik.http.services.qbittorrent.loadbalancer.server.port=8080 - traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix # https://github.com/qbittorrent/qBittorrent/issues/5693#issuecomment-552146296 - traefik.http.middlewares.qbittorrent-stripprefix.stripPrefix.prefixes=/qbittorrent # https://community.traefik.io/t/middleware-to-add-the-if-needed/1895/19 - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.regex=(^.*\/qbittorrent$$) - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.replacement=$$1/ - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.permanent=false vpn: image: thrnz/docker-wireguard-pia container_name: vpn volumes: - ./pia:/pia - ./pia-shared:/pia-shared cap_add: - NET_ADMIN - SYS_MODULE environment: - LOC=${PIA_LOCATION} - USER=${PIA_USER} - PASS=${PIA_PASS} - LOCAL_NETWORK=${PIA_LOCAL_NETWORK} - PORT_FORWARDING=1 - PORT_SCRIPT=/pia-shared/portupdate-qbittorrent.sh sysctls: - net.ipv4.conf.all.src_valid_mark=1 - net.ipv6.conf.default.disable_ipv6=1 - net.ipv6.conf.all.disable_ipv6=1 - net.ipv6.conf.lo.disable_ipv6=1 healthcheck: test: ping -c 1 www.google.com || exit 1 interval: 30s timeout: 10s retries: 3 restart: unless-stopped heimdall: image: lscr.io/linuxserver/heimdall container_name: heimdall environment: - PUID=${USER_ID} - PGID=${GROUP_ID} volumes: - ./heimdall:/config restart: unless-stopped labels: - traefik.enable=true - traefik.http.routers.heimdall.rule=PathPrefix(`/`) - traefik.http.services.heimdall.loadbalancer.server.port=80 - traefik.http.routers.heimdall.tls=true networks: default: name: docker-compose-nas