* Several updates 2023_05_26. See full commit log.

* A ton of changes.
* Renamed docker-compose.yml to docker-compose-npm.yml to align with the naming convention used for traefik.
* I was getting tired of my experiments affecting media servers and databases, which were needed 24/7. So split media apps and databases into their own compose. I run this on a separate Ubuntu LXC (unprivileged) container on Proxmox.
* Deleted docker-compose-t2-obsolete.yml. Moved all obsolete apps into their own yml files in the archives folder.
* Major changes on docker-compose-t2.yml (my home server). Extension fields were killing the readability and made it difficult to write guides without explaining. Therefore, I removed extension fields. This will be replicated to Synology and Web Server compose files in future.
* Updated hardware and docker version details in compose files.
* Added docker profiles with the aim of symplifying starting and stopping specific group of services.
* Updated some paths to reflect the new setup.
* Replaced Nzbget with SABnzbd. Nzbget development stopped.
* Archived handbrake, mkvtoolnix, makemkv - rarely used them.
* Temporarily removed glances, qdirstat, AdGuard-Home Sync
* Add IT-Tools, Sitespeed.io (to monitor my site performance)
* Added Lidarr, Radarr, Prowlarr, SABnzbd, and Sonarr exporters to send metrics to Prometheus - I may remove some of this information is also available via Home Assistant InfluxDB.
* Added Node-Exporter to scrape Docker host metrics into Prometheus for Grafana dashboarding.
* Updated milddlewares.yml removed old settings and cleaned things up a bit.
* Update media-services.txt - This might go away in future after I implement docker profiles.
* Updated README.
* Whats coming: Move traefik CLI commands to traefik.yml to clean up the compose. Add Traefik plugins.

.gitignore

@@ -12,7 +12,8 @@
 !docker-compose-t2-obsolete.yml
 !docker-compose-t2-synology.yml
 !docker-compose-t2-web.yml
-!docker-compose.yml
+!docker-compose-npm.yml
+!docker-compose-t2-media-db.yml
 
 !.github
 .github/*
@@ -53,18 +54,7 @@ scripts/web/*
 
 !archives
 archives/*
-!archives/docker-compose-t1.yml
-!archives/docker-compose-t1-vpn.yml
-!archives/docker-compose-t1-obsolete.yml
-!archives/docker-compose-t1-swarm.yml
-!archives/traefik1
-archives/traefik1/*
-!archives/traefik1/*.example
-!archives/traefik1/rules
-archives/traefik1/rules/*
-!archives/traefik1/rules/*.example
-!archives/traefik1-swarm
-archives/traefik1-swarm/*
+!archives/**
 
 !appdata
 appdata/*

CHANGELOG.md

@@ -5,7 +5,7 @@
 - Only showing high-level changes. Smaller changes are too many to list. See commits.
 
 ## Planned (notes for future):
-
+- apprise, Apprise api, remmina, Webtop, openvscode-server, 
 - Add projectsend, embystat, nextcloud, nut-upsd, HealthChecks, FileRun, fail2ban, ofelia, scrutiny to NUC, Wireguard, traktarr, listrr, Subliminal, netdata, Exportarr, Unpackarr
 - Check Cloudbox/cloudbox - plex autoscan, cloudplow, plexdupefinder, plextraktsync
 - implement secrets and remove variables from .env

README.md

@@ -7,47 +7,55 @@ This is the updated docker-compose repo of all the media, home, and web server a
 - [WordPress on Docker with Nginx, Traefik, LE SSL, Security, and Speed](https://www.smarthomebeginner.com/wordpress-on-docker-traefik/)
 - [Ultimate Synology NAS Docker Compose Media Server 2022](https://www.smarthomebeginner.com/synology-nas-docker-media-server-2022/)
 
+# Support My Work
+
+Documenting, writing guides, and keeping this repo update-to-date takes hundreds of hours of work. Please consider supporting my work to show your appreciation. 
+
+# Did this Repo help you?
+- Become a patron and show us your strongest support. 
+
+<div style="text-align:center;margin:20px"><a href="https://www.patreon.com/smarthomebeginner" target="_blank" rel="nofollow noopener noreferrer"><img src="https://www.smarthomebeginner.com/images/2022/05/become-a-patreon.jpg" alt="" width="434" height="102" /></a></div>
+
+- Please consider buying us a coffee (or two) as a token of appreciation.
+
+<div style="text-align:center;margin:20px"><a href="https://www.buymeacoffee.com/smarthomebeginr" target="_blank" rel="nofollow noopener noreferrer"><img src="https://www.smarthomebeginner.com/images/2020/04/coffee.png" alt="" width="340" height="77" /></a></div>
+
+# Join our Community
+
+<div style="text-align:center;margin:20px"><a href="https://www.smarthomebeginner.com/discord-github" target="_blank" rel="nofollow noopener noreferrer"><img src="https://www.smarthomebeginner.com/images/2022/05/join-discord-300x75.png" alt="" width="300" height="75" /></a></div>
+
+- Do you need support or just want to chat with like-minded people. Join our discord. 
+- The authors will try our best to help but support is not guaranteed. But you will find others who might have went through what you are going through and may be willing to pay it forward and help. 
+
 <div style="padding:20px;border: 3px solid red;">
 <h3>IMPORTANT</h3>
 If you are going to start from scratch using this repo, be prepared to be patient and start slow. There are so many details to pay attention to. First start with the basic Docker Media Server guide linked above (with Nginx Proxy Manager instead of Traefik). 
 
-When you are ready to upgrade to Traefik or prefer Traefik over Nginx Proxy Manager, I strongly suggest getting Traefik and Traefik dashboard up and running before adding any other app. Here is the order I would recommend:
-
-<ol>
-<li>Traefik with HTTP Authentication. This requires:</li>
-<ul>
-<li>.env file</li>
-<li>secrets</li>
-<li>network definition</li>
-<li>middlewares and chains</li>
-</ul>
-<li>Socket Proxy</li>
-<li>Check to ensure Traefik still works</li>
-<li>OAuth or Authelia (optional)</li>
-<li>Check to ensure OAuth works</li>
-<li>Put Traefik dashboard behind OAuth or Authelia and disable HTTP Authentication</li>
-<li>Ensure Traefik dashboard works behind OAuth/Authelia</li>
-<li>Proceed to add portainer and other apps/services</li>
-</ol>
+When you are ready to upgrade to Traefik or prefer Traefik over Nginx Proxy Manager, I strongly suggest getting Traefik and Traefik dashboard up and running before adding any other app. 
 
 Go step-by-step. If you bite too big of a piece, I guarantee you will choke.
 
 </div>
 
-<strong>Supporting Articles:</strong>
+<strong>Supporting Guides:</strong>
 
 - [How to Install Docker and Docker Compose on Ubuntu 22.04 LTS](https://www.smarthomebeginner.com/install-docker-on-ubuntu-22-04/) [[VIDEO](https://youtu.be/nwFh4JBGD_0)]
 - [How to Install Docker and Docker Compose on Ubuntu 20.04 LTS](https://www.smarthomebeginner.com/install-docker-on-ubuntu-20-04/)
 - [Cloudflare Settings for Traefik Docker: DDNS, CNAMEs, & Tweaks](https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker/)
+- [Ultimate Docker to Podman Migration Guide: It's NOT difficult](https://www.smarthomebeginner.com/docker-to-podman-migration-guide/)
+- [Nextcloud Docker with Traefik Reverse Proxy for Beginners](https://www.smarthomebeginner.com/traefik-docker-nextcloud/)
+
+<strong>Security Guides:</strong>
+
 - [Google OAuth 2 MFA Protection for Docker](https://www.smarthomebeginner.com/traefik-forward-auth-google-oauth-2022/)
 - [Authelia MFA Protection for Docker](https://www.smarthomebeginner.com/docker-authelia-tutorial/)
 - [Traefik Docker Security Best Practices](https://www.smarthomebeginner.com/traefik-docker-security-best-practices/)
 - [Crowdsec Docker Compose Guide Part 1: Powerful IPS with Firewall Bouncer](https://www.smarthomebeginner.com/crowdsec-docker-compose-1-fw-bouncer/)
 - [CrowdSec Docker Part 2: Improved IPS with Cloudflare Bouncer](https://www.smarthomebeginner.com/crowdsec-cloudflare-bouncer/)
 - [CrowdSec Docker Part 3: Traefik Bouncer for Additional Security](https://www.smarthomebeginner.com/crowdsec-traefik-bouncer/)
 - [CrowdSec Multiserver Docker (Part 4): For Ultimate Protection](https://www.smarthomebeginner.com/crowdsec-multiserver-docker/)
-- [Ultimate Docker to Podman Migration Guide: It's NOT difficult](https://www.smarthomebeginner.com/docker-to-podman-migration-guide/)
-- [Nextcloud Docker with Traefik Reverse Proxy for Beginners](https://www.smarthomebeginner.com/traefik-docker-nextcloud/)
+
+For security, I implemented CrowdSec multi-server setup in 2022. From the stats, it is blocking/mitigating well over 600 intrusion attempts per day on my servers. I will cover this in a separate guide later but you will find the docker-compose CrowdSec, Traefik Bouncer, and Cloudflare Bouncer Bouncers in my repo already.
 
 ### Obsolete Posts (for educational purposes):
 
@@ -58,45 +66,33 @@ The following posts have been updated/replaced by the posts linked above:
 - [Docker Media Server with Traefik 1 Reverse Proxy](https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/)
 - [Synology Docker Media Server with Traefik, Docker Compose, and Cloudflare](https://www.smarthomebeginner.com/synology-docker-media-server/)
 
-## Docker, Docker Compose, and Traefik Versions (updated September, 2022)
-
-- Docker: 20.10.18
-- Docker Compose: v2.10.2
-- Traefik: 2.8
-
-<strong>Update (September 13, 2021):</strong> I moved from TOML to YAML for Traefik 2 dynamic configurations. I have included example configuration files for both. However, since I do not use TOML anymore, there may be minor syntax errors or typos.
-
 ### Description of Compose Files in this Repo
 
-- docker-compose.yml - this is the basic media server stack with Nginx Proxy Manager instead of Traefik
-- docker-compose-t2.yml - this is my main stack with most apps/services, including Traefik
+- docker-compose-t2.yml - this is my main stack with most apps/services (home aserver), including Traefik
+- docker-compose-npm.yml - this is the basic media server stack with Nginx Proxy Manager instead of Traefik
 - docker-compose-t2-web.yml - web server specific stack for WordPress and non-WordPress sites with Nginx and Traefik
 - docker-compose-t2-synology.yml - apps/services that I run on Synology NAS using Docker Compose for Homelab use
-- docker-compose-t2-obsolete.yml - apps/services that I once tried/used but don't use anymore (future compatibility not guaranteed)
-
-Almost any app/service from the docker-compose files listed above can be copy-pasted to any other compose file in this repo.
 
-### Compose Files Archive (NOT ACTIVELY MAINTAINED)
+<div style="padding:20px;border: 3px solid red;">
+Please note that docker-compose files in the <strong>archives</strong> folder is not actively maintained. They may need updates/rework.
+</div>
 
-- archives/docker-compose-t1.yml
-- archives/docker-compose-t1-vpn.yml
-- archives/docker-compose-t1-obsolete.yml
-- archives/docker-compose-t1-swarm.yml
+Almost any app/service from the docker-compose files listed above can be copy-pasted to any other compose file in this repo.
 
 ## MY SETUP
 
-- MAIN - Ubuntu 22.04 Proxmox LXC Container on Intel Xeon E3-1240 V2.
-- WEB - Ubuntu 22.04 Proxmox VM on Intel Xeon E3-1240 V2.
-- SYNOLOGY - Synology DS918+ NAS.
+- Home Server (docker-compose-t2.yml) - Ubuntu 22.04 Proxmox LXC Container on AMD Ryzen 7 4800u ASROCK 4x4 Box 
+- Media Server (docker-compose-t2-media-db.yml) - Ubuntu 22.04 Proxmox LXC Container on AMD Ryzen 7 4800u ASROCK 4x4 Box 
+- Web Server (docker-compose-t2-web.yml) - Digital Ocean VPS (2 cores and 2 GB RAM)
+- Synology (docker-compose-t2-synology.yml) - Synology DS918+ NAS.
 
 I use Syncthing to keep certain key files synched between various systems.
 
-### Security
-For security, I implemented CrowdSec multi-server setup recently. From the stats, it is blocking/mitigating well over 600 intrusion attempts per day on my servers. I will cover this in a separate guide later but you will find the docker-compose CrowdSec, Traefik Bouncer, and Cloudflare Bouncer Bouncers in my repo already.
-
 ## What apps are included in this stack?
 
-The apps I use are scattered around in several different docker-compose files. Some apps are used in more than one host and some on only one.
+The apps I use are scattered around in several different docker-compose files. Click the links below for specific installation guides.
+
+ Some apps are used in more than one host and some on only one. 
 
 ### FRONTENDS
 
@@ -106,7 +102,7 @@ The apps I use are scattered around in several different docker-compose files. S
 - Traefik Custom Error Pages
 - OAuth - Google OAuth 2 Forward Authentication
 - Authelia - Private Forward Authentication
-- Portainer - Container Management
+- [Portainer](https://www.smarthomebeginner.com/portainer-docker-compose-guide/) - Container Management
 - Organizr - Dashboard for Apps
 - Heimdall - Dashboard for Apps
 - Homepage - Dashboard for Apps
@@ -126,9 +122,9 @@ The apps I use are scattered around in several different docker-compose files. S
 
 - MariaDB - MySQL Database
 - phpMyAdmin - Database management
-- InfluxDB - Database for sensor data
+- [InfluxDB](https://www.smarthomebeginner.com/influxdb-docker-compose-guide/) - Database for sensor data
 - Postgres - Database
-- Grafana - Graphical data visualization for InfluxDB data
+- [Grafana](https://www.smarthomebeginner.com/grafana-docker-compose-guide/) - Graphical data visualization for InfluxDB data
 - Varken - Monitor Plex, Sonarr, Radarr, and Other Data
 - Redis - Key value store
 - Redis Commander - Redis management
@@ -162,9 +158,9 @@ The apps I use are scattered around in several different docker-compose files. S
 - FunkWhale - Music Server
 - Calibre - Ebook/Audiobook Server
 - Calibre-Web - Ebook/Audiobook Reader
-- Plex - Media Server
+- [Plex](https://www.smarthomebeginner.com/plex-docker-compose/) - Media Server
 - Emby - Media Server
-- Jellyfin - Media Server
+- [Jellyfin](https://www.smarthomebeginner.com/jellyfin-docker-compose/) - Media Server
 - Ombi - Media Requests
 - Tautulli - Previously PlexPy. Plex statistics and monitoring
 - Plex-Sync - For Syncing watched status between plex servers
@@ -189,7 +185,7 @@ The apps I use are scattered around in several different docker-compose files. S
 - APCUPSD - APC UPS Management
 - Guacamole - Remote desktop, SSH, on Telnet on any HTML5 Browser
 - Guacamole Daemon - Needed for Guacamole
-- Dozzle - Docker logs viewer
+- [Dozzle](https://www.smarthomebeginner.com/dozzle-docker-compose-guide/) - Docker logs viewer
 - qDirStat - Directory Statistics
 - StatPing - Status Page & Monitoring Server
 - SmokePing - Network Latency Monitoring
@@ -204,6 +200,7 @@ The apps I use are scattered around in several different docker-compose files. S
 - MergerFS - Merge local and remote file systems
 - Gluetun - VPN client for docker containers and more
 - DeUnhealth - Auto restart containers on VPN restart
+- [AdGuard Home](https://www.smarthomebeginner.com/adguard-home-docker-compose-guide/) - DNS Sinkhole / Ad-blocker
 
 ### WEB
 
@@ -219,12 +216,6 @@ The apps I use are scattered around in several different docker-compose files. S
 - Cloudflare Companion - Automatic CNAME creation for services
 - WhoAmI - For testing.
 
-# Installation and Usage
-
-Follow the guides linked at the beginning of this readme. 
-
---------- ANYTHING THAT HAS "example" IN THE NAME WILL HAVE TO BE RENAMED APPROPRIATELY ---------
-
 ## Starting and Stopping
 
 I use bash_aliases to simplify starting and stopping containers/stack. Included in the repo is an example of bash_aliases I use (replace USER with your Linux username). Here are some example alias commands:
@@ -235,19 +226,4 @@ I use bash_aliases to simplify starting and stopping containers/stack. Included
 - <strong>dcstop2</strong> - Stop a specific service
 - <strong>dcrestart2</strong> - Restart a specific service
 - <strong>dclogs2</strong> - See real-time logs for the corresponding stack or service
-- <strong>dcpull2</strong> - Pull new images for the corresponding stack or service
-
-## Join our Community
-- Do you need support or just want to chat with like-minded people. Join our discord. 
-- The authors will try our best to help but support is not guaranteed. But you will find others who might have went through what you are going through and may be willing to pay it forward and help. 
-
-<div style="text-align:center;margin:20px"><a href="https://www.smarthomebeginner.com/discord-github" target="_blank" rel="nofollow noopener noreferrer"><img src="https://www.smarthomebeginner.com/images/2022/05/join-discord-300x75.png" alt="" width="300" height="75" /></a></div>
-
-# Did this Repo help you?
-- Become a patron and show us your strongest support. 
-
-<div style="text-align:center;margin:20px"><a href="https://www.patreon.com/smarthomebeginner" target="_blank" rel="nofollow noopener noreferrer"><img src="https://www.smarthomebeginner.com/images/2022/05/become-a-patreon.jpg" alt="" width="434" height="102" /></a></div>
-
-- Please consider buying us a coffee (or two) as a token of appreciation.
-
-<div style="text-align:center;margin:20px"><a href="https://www.buymeacoffee.com/smarthomebeginr" target="_blank" rel="nofollow noopener noreferrer"><img src="https://www.smarthomebeginner.com/images/2020/04/coffee.png" alt="" width="340" height="77" /></a></div>
+- <strong>dcpull2</strong> - Pull new images for the corresponding stack or service

appdata/traefik2/rules/cloudserver/middlewares.yml

@@ -30,18 +30,14 @@ http:
         stsIncludeSubdomains: true
         stsPreload: true
         forceSTSHeader: true
-        customFrameOptionsValue: "allow-from https:{{env "DOMAINNAME_CLOUD_SERVER"}}" #CSP takes care of this but may be needed for organizr.
+        customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
         contentTypeNosniff: true
         browserXssFilter: true
-        # sslForceHost: true # add sslHost to all of the services
-        # sslHost: "{{env "DOMAINNAME_CLOUD_SERVER"}}"
         referrerPolicy: "same-origin"
         permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
         customResponseHeaders:
-          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
-          server: ""
-          # https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732
-          # X-Forwarded-Proto: "https"
+          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex," # disable search engines from indexing home server
+          server: "" # hide server info from visitors
 
     middlewares-oauth:
       forwardAuth:

archives/adguardhome-sync.yml

@@ -0,0 +1,11 @@
+  # AdGuard Home Sync - Sync Settings between AdGuard Homes
+  adguardhome-sync:
+    <<: *common-keys-core # See EXTENSION FIELDS at the top
+    image: lscr.io/linuxserver/adguardhome-sync:latest
+    container_name: adguardhome-sync
+    environment:
+      <<: *default-tz-puid-pgid
+      CONFIGFILE: /config/adguardhome-sync.yaml #optional
+    volumes:
+      - $DOCKERDIR/appdata/adguard-home/config:/config
+

archives/ampache.yml

@@ -0,0 +1,28 @@
+  # Ampache - Music Server
+  ampache:
+    container_name: ampache
+    image: ampache/ampache:nosql
+    restart: "no"
+    # profiles:
+    # - media
+    networks:
+      - t2_proxy
+      - default
+    security_opt:
+      - no-new-privileges:true
+    # ports:
+    #   - "$AMPACHE_PORT:80"
+    volumes:
+      - $DOCKERDIR/appdata/ampache/config:/var/www/config
+      - $DOCKERDIR/appdata/ampache/log:/var/log/ampache
+      - $DATADIR/media/music:/media
+    labels:
+      - "traefik.enable=true"
+      ## HTTP Routers
+      - "traefik.http.routers.ampache-rtr.entrypoints=https"
+      - "traefik.http.routers.ampache-rtr.rule=Host(`amp.$DOMAINNAME0`)"
+      ## Middlewares
+      - "traefik.http.routers.ampache-rtr.middlewares=chain-no-auth@file"
+      ## HTTP Services
+      - "traefik.http.routers.ampache-rtr.service=ampache-svc"
+      - "traefik.http.services.ampache-svc.loadbalancer.server.port=80"

archives/apcupsd.yml

@@ -0,0 +1,19 @@
+  # APCUPSD - APC UPS Management
+  # create the apcupsd.conf file
+  apcupsd:
+    image: gersilex/apcupsd:latest
+    container_name: apcupsd
+    restart: unless-stopped
+    networks:
+      - t2_proxy
+    security_opt:
+      - no-new-privileges:true
+    ports:
+      - "$APCUPSD_PORT:3551"
+    privileged: true
+    tty: true
+    volumes:
+      - /tmp/apcupsd-docker:/tmp/apcupsd-docker
+      - $DOCKERDIR/apcupsd/apcupsd.conf:/etc/apcupsd/apcupsd.conf
+      - $DOCKERDIR/apcupsd/doshutdown:/etc/apcupsd/doshutdown
+      - $DOCKERDIR/apcupsd/apcupsd.events:/var/log/apcupsd.events