feat: Refactor Tailscale & Traefik Integration
Some checks failed
/ validate-docker-compose (push) Has been cancelled
Some checks failed
/ validate-docker-compose (push) Has been cancelled
- Integrate Traefik directly with Tailscale network using `network_mode: service:tailscale`.
- Remove direct port mappings for Traefik (80, 443).
- Configure Tailscale container to use `tailscale serve` (Tailnet only) or `tailscale funnel` (public HTTPS) based on `ENABLE_FUNNEL_HTTPS` env var.
- Update Traefik routing rules (`Host()`) to use `${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}` for all services.
- Update Homepage path to `/home` and adjust its Traefik rule.
- Remove Homepage basic authentication variables (`HOMEPAGE_AUTH_USER`, `HOMEPAGE_AUTH_HASH`) from `.env.example` and `README.md`.
- Update `README.md` to reflect new access methods, hostname configuration, and removal of basic auth.
- Add `extra_hosts` to Tailscale service for `host.docker.internal`.
This commit is contained in:
@@ -131,7 +131,7 @@ services:
|
||||
retries: 10
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.bazarr.rule=PathPrefix(`/bazarr`)
|
||||
- traefik.http.routers.bazarr.rule=Host(`${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}`) && PathPrefix(`/bazarr`)
|
||||
- traefik.http.routers.bazarr.entrypoints=web
|
||||
- traefik.http.services.bazarr.loadbalancer.server.port=6767
|
||||
- homepage.group=Download
|
||||
@@ -289,7 +289,7 @@ services:
|
||||
retries: 10
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.qbittorrent.rule=PathPrefix(`/qbittorrent`)
|
||||
- traefik.http.routers.qbittorrent.rule=Host(`${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}`) && PathPrefix(`/qbittorrent`)
|
||||
- traefik.http.routers.qbittorrent.entrypoints=web
|
||||
- traefik.http.services.qbittorrent.loadbalancer.server.port=8080
|
||||
- traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix
|
||||
@@ -359,7 +359,7 @@ services:
|
||||
- PUID=${USER_ID}
|
||||
- PGID=${GROUP_ID}
|
||||
- TZ=${TIMEZONE}
|
||||
- JELLYFIN_PublishedServerUrl=${HOSTNAME}/jellyfin
|
||||
- JELLYFIN_PublishedServerUrl=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}/jellyfin
|
||||
volumes:
|
||||
- ${CONFIG_ROOT:-.}/jellyfin:/config:Z
|
||||
- ${DATA_ROOT}:/data:Z
|
||||
@@ -404,7 +404,7 @@ services:
|
||||
- traefik.http.middlewares.calibre-headers.headers.customRequestHeaders.X-Script-Name=/calibre
|
||||
- traefik.http.middlewares.calibre-stripprefixregex.stripPrefixRegex.regex=/calibre
|
||||
- traefik.http.routers.calibre.middlewares=calibre-headers,calibre-stripprefixregex
|
||||
- traefik.http.routers.calibre.rule=PathPrefix(`/calibre`)
|
||||
- traefik.http.routers.calibre.rule=Host(`${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}`) && PathPrefix(`/calibre`)
|
||||
- traefik.http.routers.calibre.entrypoints=web
|
||||
- traefik.http.services.calibre.loadbalancer.server.port=8083
|
||||
- homepage.group=Media
|
||||
@@ -467,11 +467,8 @@ services:
|
||||
- HOMEPAGE_VAR_WEATHER_LONG=${HOMEPAGE_VAR_WEATHER_LONG}
|
||||
- HOMEPAGE_VAR_WEATHER_TIME=${TIMEZONE}
|
||||
- HOMEPAGE_VAR_WEATHER_UNIT=${HOMEPAGE_VAR_WEATHER_UNIT}
|
||||
# Allow access from localhost, the service name, and the primary HOSTNAME
|
||||
- HOMEPAGE_ALLOWED_HOSTS=localhost,homepage,${HOSTNAME}
|
||||
# Pass auth user/hash if set (optional, for potential future use by homepage itself, though Traefik handles it)
|
||||
- HOMEPAGE_AUTH_USER=${HOMEPAGE_AUTH_USER}
|
||||
- HOMEPAGE_AUTH_HASH=${HOMEPAGE_AUTH_HASH}
|
||||
# Explicitly allow the hostname constructed from Tailscale variables
|
||||
- HOMEPAGE_ALLOWED_HOSTS=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}
|
||||
volumes:
|
||||
- ${CONFIG_ROOT:-.}/homepage:/app/config:Z
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
@@ -481,12 +478,10 @@ services:
|
||||
[sh, -c, "cp -n /app/config/tpl/*.yaml /app/config && node server.js"]
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.homepage.rule=PathPrefix(`/`)
|
||||
# Change path to /home and use specific Tailscale host
|
||||
- traefik.http.routers.homepage.rule=Host(`${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}`) && PathPrefix(`/home`)
|
||||
- traefik.http.routers.homepage.entrypoints=web
|
||||
# Define Basic Auth Middleware (only active if HOMEPAGE_AUTH_HASH is set in .env)
|
||||
- traefik.http.middlewares.homepage-auth.basicAuth.users=${HOMEPAGE_AUTH_HASH}
|
||||
# Apply Middleware to Router
|
||||
- traefik.http.routers.homepage.middlewares=homepage-auth@docker
|
||||
# Authelia middleware will be added in a later commit
|
||||
- traefik.http.services.homepage.loadbalancer.server.port=3000
|
||||
watchtower:
|
||||
image: ghcr.io/containrrr/watchtower:latest
|
||||
|
||||
Reference in New Issue
Block a user