2026-03-01 12:24:46 +02:00
parent 251c1191c4
commit 4640eac0f4
3 changed files with 204 additions and 0 deletions


@@ -0,0 +1,72 @@
version: "3.7"
########################### NETWORKS
# There is no need to create any networks outside this docker-compose file.
# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
# Docker Compose version 3.5 or higher required to define networks this way.
networks:
gl_proxy:
name: gl_proxy
driver: bridge
ipam:
config:
- subnet: $GL_PROXY_SUBNET
- gateway: $GL_PROXY_GATEWAY
default:
driver: bridge
gl_socket_proxy:
name: gl_socket_proxy
driver: bridge
ipam:
config:
- subnet: $GL_SOCKET_PROXY_SUBNET
- gateway: $GL_SOCKET_PROXY_GATEWAY
########################### SERVICES
services:
# Docker Socket Proxy - Security Enchanced Proxy for Docker Socket
socket-proxy:
container_name: gl-socket-proxy
image: tecnativa/docker-socket-proxy
restart: always
networks:
gl_socket_proxy:
ipv4_address: $SOCKET_PROXY_IP # You can specify a static IP
privileged: true
#ports:
# - "127.0.0.1:2375:2375" # Port 2375 should only ever get exposed to the internal network. When possible use this line.
# I use the next line instead, as I want portainer to manage multiple docker endpoints within my home network.
# - "2375:2375"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
- LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
# 0 to revoke access.
# 1 to grant access.
## Granted by Default
- EVENTS=1
- PING=1
- VERSION=1
## Revoked by Default
# Security critical
- AUTH=0
- SECRETS=0
- POST=1 # Ouroboros
# Not always needed
- BUILD=0
- COMMIT=0
- CONFIGS=0
- CONTAINERS=1 # Traefik, portainer, etc.
- DISTRIBUTION=0
- EXEC=1
- IMAGES=1 # Portainer
- INFO=1 # Portainer
- NETWORKS=1 # Portainer
- NODES=0
- PLUGINS=0
- SERVICES=1 # Portainer
- SESSION=0
- SWARM=0
- SYSTEM=0
- TASKS=1 # Portaienr
- VOLUMES=1 # Portainer
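Review bot: The ipam config for both networks lists `- subnet:` and `- gateway:` as two separate sequence items (lines with `$GL_PROXY_SUBNET`/`$GL_PROXY_GATEWAY` and `$GL_SOCKET_PROXY_SUBNET`/`$GL_SOCKET_PROXY_GATEWAY`), which makes the gateway a second config entry with no subnet; the other two files in this commit put both keys in one item, and the same shape should be used here: `- subnet: $GL_PROXY_SUBNET` followed by `  gateway: $GL_PROXY_GATEWAY` under the same dash. On the socket-proxy service, `POST=1`, `CONTAINERS=1` and `EXEC=1` together let any client that can reach the proxy create containers and exec into them, which is close to full control of the host, so the "Security critical" grouping understates what the granted set allows; a comment such as `# POST+CONTAINERS+EXEC together allow container creation and exec — restrict to clients that need it` above `- POST=1` would make the trade-off visible. The `privileged: true` line should carry a comment saying why the proxy itself needs it, since combined with the socket mount it is the most powerful setting in the file. The commented-out `"2375:2375"` binding should stay disabled; if it is ever enabled it should be bound to a specific host interface. Minor: "Enchanced" and "Portaienr" in comments are typos.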


@@ -0,0 +1,66 @@
version: "3.7"
########################### NETWORKS
# There is no need to create any networks outside this docker-compose file.
# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
# Docker Compose version 3.5 or higher required to define networks this way.
networks:
proxy:
name: proxy
driver: bridge
ipam:
config:
- subnet: $PROXY_SUBNET
gateway: $PROXY_GATEWAY
# default:
# driver: bridge
socket_proxy:
name: socket_proxy
driver: bridge
ipam:
config:
- subnet: $SOCKET_PROXY_SUBNET
gateway: $SOCKET_PROXY_GATEWAY
########################### SERVICES
volumes:
portainer-data:
driver: local
services:
# Portainer - WebUI for Containers
portainer:
container_name: mgmt-portainer
image: portainer/portainer-ce:latest
restart: unless-stopped
command: -H $DOCKER_ENDPOINT # Use Docker Socket Proxy instead for improved security
networks:
proxy:
# ipv4_address: $PORTAINER_IP0
socket_proxy:
# ipv4_address: $PORTAINER_IP1
security_opt:
- no-new-privileges:true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer-data:/data
ports:
- '9000:9000'
# - '9001:9000'
# - '9443:9443'
# - '8000:8000'
volumes:
# - /var/run/docker.sock:/var/run/docker.sock
- portainer-data:/data
#- $DOCKERDIR/appdata/portainer/data:/data # Change to local directory if you want to save/transfer config locally
environment:
- TZ=$TZ
# labels:
# - "traefik.enable=true"
## HTTP Routers
# - "traefik.http.routers.portainer-rtr.entrypoints=https"
# - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME0`)"
## Middlewares
# - "traefik.http.routers.portainer-rtr.middlewares=chain-authelia@file"
## HTTP Services
# - "traefik.http.routers.portainer-rtr.service=portainer-svc"
# - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
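Review bot: The portainer service defines the `volumes:` key twice (the block with `/var/run/docker.sock:/var/run/docker.sock` and `portainer-data:/data`, and a second block below `ports:` with only `portainer-data:/data`); duplicate mapping keys are invalid YAML, so depending on the loader this is either rejected outright or silently last-wins, and in the last-wins case the docker socket mount is dropped without any indication. The same duplicated key appears in the third file of this commit, where both blocks mount the socket. Since `command: -H $DOCKER_ENDPOINT` is meant to route Portainer through the socket proxy, the direct socket bind-mount should not be present at all — a direct `/var/run/docker.sock` mount gives the container root-equivalent control of the host and makes the proxy's per-endpoint allow-list irrelevant; keep a single `volumes:` block containing only `- portainer-data:/data`. The `image: portainer/portainer-ce:latest` tag is unpinned, so a pull can change what runs without a config change; pinning a version or digest is advisable for a container with Docker API access. `'9000:9000'` binds on all host interfaces; if the UI is only reached via Traefik, prefer `'127.0.0.1:9000:9000'` or drop the port mapping.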


@@ -0,0 +1,66 @@
version: "3.7"
########################### NETWORKS
# There is no need to create any networks outside this docker-compose file.
# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
# Docker Compose version 3.5 or higher required to define networks this way.
networks:
proxy:
name: proxy
driver: bridge
ipam:
config:
- subnet: $PROXY_SUBNET
gateway: $PROXY_GATEWAY
# default:
# driver: bridge
# socket_proxy:
# name: socket_proxy
# driver: bridge
# ipam:
# config:
# - subnet: $SOCKET_PROXY_SUBNET
# gateway: $SOCKET_PROXY_GATEWAY
########################### SERVICES
volumes:
portainer-data:
driver: local
services:
# Portainer - WebUI for Containers
portainer:
container_name: mgmt-portainer
image: portainer/portainer-ce:latest
restart: unless-stopped
# command: -H $DOCKER_ENDPOINT # Use Docker Socket Proxy instead for improved security
networks:
proxy:
# ipv4_address: $PORTAINER_IP0
# socket_proxy:
# ipv4_address: $PORTAINER_IP1
security_opt:
- no-new-privileges:true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer-data:/data
ports:
# - '9000:9000'
- '9001:9000'
# - '9443:9443'
# - '8000:8000'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer-data:/data
#- $DOCKERDIR/appdata/portainer/data:/data # Change to local directory if you want to save/transfer config locally
environment:
- TZ=$TZ
# labels:
# - "traefik.enable=true"
## HTTP Routers
# - "traefik.http.routers.portainer-rtr.entrypoints=https"
# - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME0`)"
## Middlewares
# - "traefik.http.routers.portainer-rtr.middlewares=chain-authelia@file"
## HTTP Services
# - "traefik.http.routers.portainer-rtr.service=portainer-svc"
# - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
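Review bot: This variant comments out both the `socket_proxy` network and the `command: -H $DOCKER_ENDPOINT` line while keeping `/var/run/docker.sock:/var/run/docker.sock` in both duplicated `volumes:` blocks, so the in-file comment "Use Docker Socket Proxy instead for improved security" describes something the file no longer does; either re-enable the proxy path or change the comment to state that this file intentionally grants Portainer direct, unrestricted socket access. The duplicate `volumes:` key, the unpinned `:latest` tag and the all-interfaces `'9001:9000'` binding are the same points raised on the second file of this commit. `security_opt: no-new-privileges:true` does not constrain what the container can do through the mounted socket, so it should not be read as a mitigation for the socket mount; a short comment next to the socket line such as `# full Docker API access — equivalent to root on the host` would make that clear to the next reader.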