From 9b5c20450ddaab5260dd52c1d872acbd49c44426 Mon Sep 17 00:00:00 2001
From: Netshade <netshade@niefelheim.com>
Date: Fri, 16 Aug 2024 15:51:43 +0200
Subject: [PATCH] Experimenting with traefik to no avail

---
 compose/arr/docker-compose.yml   |   8 +
 swarm/arr/docker-compose.yml     | 267 ++++++++++++++++---------------
 swarm/traefik/docker-compose.yml |  25 ++-
 3 files changed, 163 insertions(+), 137 deletions(-)

diff --git a/compose/arr/docker-compose.yml b/compose/arr/docker-compose.yml
index a50e1bd..d4f87ec 100644
--- a/compose/arr/docker-compose.yml
+++ b/compose/arr/docker-compose.yml
@@ -57,6 +57,14 @@ services:
       - PGID=101
       - UMASK=002
       - TZ=Europe/Stockholm
+    labels:
+      - traefik.enable=true
+      - "traefik.http.routers.arr-prowlarr.rule=(Host(`niefelheim.com`) && Path(`/prowlarr`))"
+      - "traefik.http.routers.arr-prowlarr_https.rule=(Host(`niefelheim.com`) && Path(`/prowlarr`))"
+      - traefik.http.services.arr-prowlarr.loadbalancer.server.port=9696
+      - traefik.http.routers.arr-prowlarr_https.entrypoints=web-secure
+      - traefik.http.routers.arr-prowlarr_https.tls=true
+      - traefik.http.routers.arr-prowlarr_https.tls.certresolver=le
     volumes:
       - "prowlarr:/config"
       - "/etc/localtime:/etc/localtime:ro"
diff --git a/swarm/arr/docker-compose.yml b/swarm/arr/docker-compose.yml
index 9937f90..2cb5554 100644
--- a/swarm/arr/docker-compose.yml
+++ b/swarm/arr/docker-compose.yml
@@ -4,24 +4,25 @@ services:
 
   # image used to index torrent links from the internet
   prowlarr:
-    image: linuxserver/prowlarr:latest
+    image: ghcr.io/hotio/prowlarr:latest
     container_name: arr-suite-prowlarr
     deploy:
       placement:
         constraints: [node.labels.media_disk == true ]
     environment:
       - PUID=988
-      - PGID=979
+      - PGID=101
       - UMASK=002
       - TZ=Europe/Stockholm
     volumes:
       - "prowlarr:/config"
       - "/etc/localtime:/etc/localtime:ro"
+      - "/data/backup/arr/prowlarr:/config/backup"
       #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/prowlarr:/config # database and Prowlarr configs
-    expose:
-      - 9696/tcp # web ui
-    ports:
-      - 9696:9696/tcp # web ui
+    #expose:
+    #  - 9696/tcp # web ui
+    #ports:
+    #  - 9696:9696/tcp # web ui
     restart: unless-stopped
     networks:
       - traefik-public
@@ -40,145 +41,145 @@ services:
     #  - traefik.http.routers.prowlarr.middlewares=local-ipwhitelist@file
 
   # image used to scan for tv shows
-  sonarr:
-    image: linuxserver/sonarr:latest
-    container_name: arr-suite-sonarr
-    deploy:
-      placement:
-        constraints: [node.labels.media_disk == true ]
-    environment:
-      - PUID=989
-      - PGID=979
-      - TZ=Europe/Stockholm
-      - UMASK=002
-    volumes:
-      - "sonarr:/config"
-      - "/etc/localtime:/etc/localtime:ro"
-      - "/var/cloud/Media/Serier:/media/tv"
-      - "/var/cloud/transmission/downloads:/data/torrents"
-      - "/var/cloud/Media/Trashcan/Series:/media/trash"
+  #sonarr:
+  #  image: linuxserver/sonarr:latest
+  #  container_name: arr-suite-sonarr
+  #  deploy:
+  #    placement:
+  #      constraints: [node.labels.media_disk == true ]
+  #  environment:
+  #    - PUID=989
+  #    - PGID=979
+  #    - TZ=Europe/Stockholm
+  #    - UMASK=002
+  #  volumes:
+  #    - "sonarr:/config"
+  #    - "/etc/localtime:/etc/localtime:ro"
+  #    - "/var/cloud/Media/Serier:/media/tv"
+  #    - "/var/cloud/transmission/downloads:/data/torrents"
+  #    - "/var/cloud/Media/Trashcan/Series:/media/trash"
         #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/sonarr:/config # database and Radarr configs
         #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
-    expose:
-      - 8989/tcp # web ui
-    ports:
-      - 8989:8989/tcp # web ui
-    restart: unless-stopped
-    networks:
-      - traefik-public
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=traefik-public
-      - traefik.constraint-label=traefik-public
-      - "traefik.http.routers.sonarr.rule=(Host(`niefelheim.com`) && Path(`/sonarr`))"
-      - traefik.http.services.sonarr.loadbalancer.server.port=8989
+  #  expose:
+  #    - 8989/tcp # web ui
+  #  ports:
+  #    - 8989:8989/tcp # web ui
+  #  restart: unless-stopped
+  #  networks:
+  #    - traefik-public
+  #  labels:
+  #    - traefik.enable=true
+  #    - traefik.docker.network=traefik-public
+  #    - traefik.constraint-label=traefik-public
+  #    - "traefik.http.routers.sonarr.rule=(Host(`niefelheim.com`) && Path(`/sonarr`))"
+  #    - traefik.http.services.sonarr.loadbalancer.server.port=8989
     #  # Optional part for traefik middlewares
     #  - traefik.http.routers.sonarr.middlewares=local-ipwhitelist@file
 
   # image used to scan for movies
-  radarr:
-    image: linuxserver/radarr:latest
-    container_name: arr-suite-radarr
-    deploy:
-      placement:
-        constraints: [node.labels.media_disk == true ]
-    environment:
-      - PUID=990
-      - PGID=101
-      - UMASK=002
-      - TZ=Europe/Stockholm
-    volumes:
-      - "radarr:/config"
-      - "/etc/localtime:/etc/localtime:ro"
-      - "/var/cloud/transmission/downloads:/data/torrents"
-      - "/var/cloud/Media/Film:/media/movies"
-      - "/var/cloud/Media/Kids:/media/movies2"
-      - "/var/cloud/Media/Trashcan/Movies:/media/trash"
+  #radarr:
+  #  image: linuxserver/radarr:latest
+  #  container_name: arr-suite-radarr
+  #  deploy:
+  #    placement:
+  #      constraints: [node.labels.media_disk == true ]
+  #  environment:
+  #    - PUID=990
+  #    - PGID=101
+  #    - UMASK=002
+  #    - TZ=Europe/Stockholm
+  #  volumes:
+  #    - "radarr:/config"
+  #    - "/etc/localtime:/etc/localtime:ro"
+  #    - "/var/cloud/transmission/downloads:/data/torrents"
+  #    - "/var/cloud/Media/Film:/media/movies"
+  #    - "/var/cloud/Media/Kids:/media/movies2"
+  #    - "/var/cloud/Media/Trashcan/Movies:/media/trash"
       #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/radarr:/config
       #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
-    expose:
-      - 7878/tcp # web ui
-    ports:
-      - 7878:7878/tcp # web ui
-    restart: unless-stopped
-    networks:
-      - traefik-public
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=traefik-public
-      - "traefik.http.routers.radarr.rule=(Host(`niefelheim.com`) && Path(`/radarr`))"
-      - traefik.constraint-label=traefik-public  
-      - traefik.http.services.radarr.loadbalancer.server.port=7878
+  #  expose:
+  #    - 7878/tcp # web ui
+  #  ports:
+  #    - 7878:7878/tcp # web ui
+  #  restart: unless-stopped
+  #  networks:
+  #    - traefik-public
+  #  labels:
+  #    - traefik.enable=true
+  #    - traefik.docker.network=traefik-public
+  #    - "traefik.http.routers.radarr.rule=(Host(`niefelheim.com`) && Path(`/radarr`))"
+  #    - traefik.constraint-label=traefik-public  
+  #    - traefik.http.services.radarr.loadbalancer.server.port=7878
     #  # Optional part for traefik middlewares
     #  - traefik.http.routers.radarr.middlewares=local-ipwhitelist@file
 
   # image used to scan for music
-  lidarr:
-    image: linuxserver/lidarr:latest
-    container_name: arr-suite-lidarr
-    deploy:
-      placement:
-        constraints: [node.label.media_disk == true ]
-    environment:
-      - PUID=993
-      - PGID=101
-      - TZ=Europe/Stockholm
-    volumes:
-      - "lidarr:/config"
-      - "/etc/localtime:/etc/localtime:ro"
-      - "/var/cloud/Media/Mp3:/media/music"
-      - "/var/cloud/Media/Trashcan:/media/trash"
-      - "/var/cloud/transmission/downloads:/data/torrents"
+  #lidarr:
+  #  image: linuxserver/lidarr:latest
+  #  container_name: arr-suite-lidarr
+  #  deploy:
+  #    placement:
+  #      constraints: [node.label.media_disk == true ]
+  #  environment:
+  #    - PUID=993
+  #    - PGID=101
+  #    - TZ=Europe/Stockholm
+  #  volumes:
+  #    - "lidarr:/config"
+  #    - "/etc/localtime:/etc/localtime:ro"
+  #    - "/var/cloud/Media/Mp3:/media/music"
+  #    - "/var/cloud/Media/Trashcan:/media/trash"
+  #    - "/var/cloud/transmission/downloads:/data/torrents"
       #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/lidarr:/config
       #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
-    expose:
-     - 8686/tcp # web ui
-    ports:
-     - 8686:8686/tcp # web ui
-    restart: unless-stopped
-    networks:
-      - traefik-public
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=traefik-public
-      - "traefik.http.routers.lidarr.rule=(Host(`niefelheim.com`) && Path(`/lidarr`))"
-      - traefik.constraint-label=traefik-public
-      - traefik.http.services.lidarr.loadbalancer.server.port=8686
+  #  expose:
+  #   - 8686/tcp # web ui
+  #  ports:
+  #   - 8686:8686/tcp # web ui
+  #  restart: unless-stopped
+  #  networks:
+  #    - traefik-public
+  #  labels:
+  #    - traefik.enable=true
+  #    - traefik.docker.network=traefik-public
+  #    - "traefik.http.routers.lidarr.rule=(Host(`niefelheim.com`) && Path(`/lidarr`))"
+  #    - traefik.constraint-label=traefik-public
+  #    - traefik.http.services.lidarr.loadbalancer.server.port=8686
     #  # Optional part for traefik middlewares
     #  - traefik.http.routers.lidarr.middlewares=local-ipwhitelist@file
 
   # image used to scan for books
-  readarr:
-    image: linuxserver/readarr:develop
-    container_name: arr-suite-readarr
-    deploy:
-      placement:
-        constraints: [node.label.media_disk == true ]
-    environment:
-      - PUID=991
-      - PGID=101
-      - TZ=Europe/Stockholm
-    volumes:
-      - "readarr:/config"
-      - "/etc/localtime:/etc/localtime:ro"
-      - "/var/cloud/transmission/downloads:/data/torrents"
-      - "/var/cloud/Media/Books:/media/books"
-      - "/var/cloud/Media/Trashcan/Books:/media/trash"
+  #readarr:
+  #  image: linuxserver/readarr:develop
+  #  container_name: arr-suite-readarr
+  #  deploy:
+  #    placement:
+  #      constraints: [node.label.media_disk == true ]
+  #  environment:
+  #    - PUID=991
+  #    - PGID=101
+  #    - TZ=Europe/Stockholm
+  #  volumes:
+  #    - "readarr:/config"
+  #    - "/etc/localtime:/etc/localtime:ro"
+  #    - "/var/cloud/transmission/downloads:/data/torrents"
+  #    - "/var/cloud/Media/Books:/media/books"
+  #    - "/var/cloud/Media/Trashcan/Books:/media/trash"
       #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/readarr:/config
       #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder
-    expose:
-      - 8787/tcp # web ui
-    ports:
-      - 8787:8787/tcp # web ui
-    restart: unless-stopped
-    networks:
-      - traefik-public
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=traefik-public
-      - traefik.constraint-label=traefik-public
-      - "traefik.http.routers.readarr.rule=(Host(`niefelheim.com`) && Path(`/readarr`))"
-      - traefik.http.services.readarr.loadbalancer.server.port=8787
+  #  expose:
+  #    - 8787/tcp # web ui
+  #  ports:
+  #    - 8787:8787/tcp # web ui
+  #  restart: unless-stopped
+  #  networks:
+  #    - traefik-public
+  #  labels:
+  #    - traefik.enable=true
+  #    - traefik.docker.network=traefik-public
+  #    - traefik.constraint-label=traefik-public
+  #    - "traefik.http.routers.readarr.rule=(Host(`niefelheim.com`) && Path(`/readarr`))"
+  #    - traefik.http.services.readarr.loadbalancer.server.port=8787
     #  # Optional part for traefik middlewares
     #  - traefik.http.routers.readarr.middlewares=local-ipwhitelist@file
 
@@ -315,13 +316,13 @@ networks:
 volumes:
   #bazarr:
   #  driver: local
-  lidarr:
-    driver: local
+  #lidarr:
+  #  driver: local
   prowlarr:
     driver: local
-  readarr:
-    driver: local
-  radarr:
-    driver: local
-  sonarr:
-    driver: local
+  #readarr:
+  #  driver: local
+  #radarr:
+  #  driver: local
+  #sonarr:
+  #  driver: local
diff --git a/swarm/traefik/docker-compose.yml b/swarm/traefik/docker-compose.yml
index d7f9c58..22a4f34 100644
--- a/swarm/traefik/docker-compose.yml
+++ b/swarm/traefik/docker-compose.yml
@@ -7,9 +7,9 @@ services:
     image: traefik:v3.0
     ports:
       # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
-      - 80:80
+      #- 80:80
       # Listen on port 443, default for HTTPS
-      - 443:443
+      #- 443:443
       # Listen on port 8080, traefiks web-ui
       - 8080:8080
     deploy:
@@ -23,10 +23,10 @@ services:
         - traefik.enable=true
         # Use the traefik-public network (declared below)
         - traefik.docker-network=traefik-public
-        # User the custome label "traefik.constraint-label=traefik-public"
+        # Use the custome label "traefik.constraint-label=traefik-public"
         # This public Traefik will only use services with this label
         # That way you can add other internal Traefik instances per stack if needed
-        - traefik.constraint-label=traefik-public
+        #- traefik.constraint-label=traefik-public
         # admin-auth middleware with HTTP Basic auth
         # Using the environment variables USERNAME and HASHED_PASSOWRD
         - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
@@ -57,7 +57,12 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       # Mount the volume to store the certificates
       - traefik-public-certificates:/certificates
+      # Mount the volume to store logs
+      - traefik-logs:/logs
+      # Mount the directory where rules are saved
+      - /data/share/traefik/rules:/rules
     command:
+      - --global.checkNewVersion=true
       # Enable Docker in Traefik, so that it reads labels from Docker services
       - --providers.docker
       # Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
@@ -84,6 +89,15 @@ services:
       - --api=true
       - --api.dashboard=true
       - --api.insecure=true
+      - --log=true
+      - --log.filePath=/logs/trafeik.log
+      - --log.level=INFO
+      - --accessLog=true
+      - --accessLog.filePath=/logs/access.log
+      - --accessLog.bufferingSize=100
+      - --accessLog.filters.statusCodes=204-299,400-499,500-599
+      - --providers.file.directory=rules
+      - --providers.file.watch=true
     networks:
       # Use the public network created to be shared between Traefik and
       # any other service that needs to be publicly available with HTTPS
@@ -94,6 +108,9 @@ volumes:
     # Traefik is always deployed to the same Docker node with the same volume containing
     # the HTTPS certificates
     traefik-public-certificates:
+      driver: local
+    traefik-logs:
+      driver: local
 
 networks:
     # Use the previously created public network "traefik-public", shared with other