Backend
Spongy edited this page 2024-10-14 11:46:44 -04:00
*arr apps
For configuration see TRaSH-Guides
Sonarr
services:
  sonarr:
    # No tag resolves to :latest; pin a release tag or digest for reproducible pulls.
    image: ghcr.io/hotio/sonarr
    container_name: sonarr
    restart: unless-stopped
    # uid/gid the container is told to use; they should own the mounted paths.
    environment:
      PUID: "950"
      PGID: "950"
    volumes:
      - /docker/config/sonarr:/config
      - /data/media:/data/media
    # Published on every host interface. If access is meant to go through the
    # reverse proxy and authentik, firewall this port or bind it to 127.0.0.1,
    # otherwise a direct connection to 8989 skips that login.
    ports:
      - "8989:8989"
Radarr
# Goes under the top-level `services:` key.
radarr:
  # No tag resolves to :latest; pin a release tag or digest for reproducible pulls.
  image: ghcr.io/hotio/radarr
  container_name: radarr
  restart: unless-stopped
  # uid/gid the container is told to use; they should own the mounted paths.
  environment:
    PUID: "950"
    PGID: "950"
  volumes:
    - /docker/config/radarr:/config
    - /data/media:/data/media
  # Published on every host interface. If access is meant to go through the
  # reverse proxy and authentik, firewall this port or bind it to 127.0.0.1,
  # otherwise a direct connection to 7878 skips that login.
  ports:
    - "7878:7878"
Prowlarr
# Goes under the top-level `services:` key.
prowlarr:
  # No tag resolves to :latest; pin a release tag or digest for reproducible pulls.
  image: ghcr.io/hotio/prowlarr
  container_name: prowlarr
  restart: unless-stopped
  # uid/gid the container is told to use; they should own the mounted path.
  environment:
    PUID: "950"
    PGID: "950"
  # Only the config directory is mounted; no media path is given to this service.
  volumes:
    - /docker/config/prowlarr:/config
  # Published on every host interface. If access is meant to go through the
  # reverse proxy and authentik, firewall this port or bind it to 127.0.0.1,
  # otherwise a direct connection to 9696 skips that login.
  ports:
    - "9696:9696"
Bazarr
# Goes under the top-level `services:` key.
bazarr:
  # No tag resolves to :latest; pin a release tag or digest for reproducible pulls.
  image: ghcr.io/hotio/bazarr
  container_name: bazarr
  restart: unless-stopped
  # uid/gid the container is told to use; they should own the mounted paths.
  environment:
    PUID: "950"
    PGID: "950"
  volumes:
    - /docker/config/bazarr:/config
    - /data/media:/data/media
  # Published on every host interface. If access is meant to go through the
  # reverse proxy and authentik, firewall this port or bind it to 127.0.0.1,
  # otherwise a direct connection to 6767 skips that login.
  ports:
    - "6767:6767"
Doplarr
# Goes under the top-level `services:` key.
doplarr:
  # :latest moves with every upstream push; pin a release tag or digest for
  # reproducible pulls.
  image: ghcr.io/hotio/doplarr:latest
  container_name: doplarr
  restart: unless-stopped
  # presumably holds the bot token and API keys: keep this file out of version
  # control and readable only by the deploying user.
  env_file:
    - ./env/doplarr
  # Sonarr and Radarr are addressed by service name, so this container
  # publishes no ports of its own.
  environment:
    SONARR__URL: "http://sonarr:8989"
    RADARR__URL: "http://radarr:7878"
    LOG_LEVEL: ":report"
Nginx Proxy Manager
Compose snippet
# Goes under the top-level `services:` key.
nginxproxymanager:
  # :latest moves with every upstream push; pin a release tag or digest for
  # reproducible pulls.
  image: jc21/nginx-proxy-manager:latest
  container_name: nginxpm
  restart: unless-stopped
  volumes:
    - /docker/config/nginxpm:/data
    # certificate and private-key store: keep the host directory readable only
    # by root / the deploying user.
    - /docker/config/letsencrypt:/etc/letsencrypt
    - /data/www:/data/www
  ports:
    # public HTTP and HTTPS entry points
    - "80:80"
    - "443:443"
    # 81 is the admin UI: keep it off the public internet (firewall it, or bind
    # it to a LAN or loopback address).
    - "81:81"
    # presumably a TCP stream forwarded by a stream host; confirm it is still needed.
    - "25565:25565"
Authentik setup
Replace [AUTHENTIK IP] and [AUTHENTIK PORT] in the snippet below with the address and port of your authentik server.
For each proxied service, add the following to the Advanced section of its proxy host:
# Larger proxy buffers for upstream responses that carry big headers.
# Only needed when nginx reports 'upstream sent too big header while reading response
# header from upstream' for an application protected by goauthentik.
proxy_buffer_size 32k;
proxy_buffers 8 16k;
location / {
    # Your application's proxy_pass goes here
    # (the three variables are presumably filled in by Nginx Proxy Manager).
    proxy_pass $forward_scheme://$server:$port;

    # CUSTOM: WebSocket support behind the authenticated proxy
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # authentik: each request is first checked by the outpost; a 401 is handed
    # to the named sign-in location.
    auth_request /outpost.goauthentik.io/auth/nginx;
    error_page 401 = @goauthentik_proxy_signin;

    # hand the outpost's cookie back to the browser
    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;

    # Copy the identity headers from the outpost response onto the upstream request.
    # proxy_set_header replaces any X-authentik-* value the client sent, but only
    # for traffic that passes through this location: if the application is also
    # reachable on a directly published port, those headers can be supplied by anyone.
    auth_request_set $authentik_username $upstream_http_x_authentik_username;
    proxy_set_header X-authentik-username $authentik_username;

    auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
    proxy_set_header X-authentik-groups $authentik_groups;

    auth_request_set $authentik_email $upstream_http_x_authentik_email;
    proxy_set_header X-authentik-email $authentik_email;

    auth_request_set $authentik_name $upstream_http_x_authentik_name;
    proxy_set_header X-authentik-name $authentik_name;

    auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
    proxy_set_header X-authentik-uid $authentik_uid;
}
# Everything under /outpost.goauthentik.io has to be reachable without authentication
location /outpost.goauthentik.io {
    # CHANGE THIS: put the authentik address and port here.
    # The hop is plain HTTP, so keep it on a trusted segment (same host or a
    # private Docker network).
    proxy_pass http://[AUTHENTIK IP]:[AUTHENTIK PORT]/outpost.goauthentik.io;

    # the Host of this vserver has to match the external URL configured in authentik
    proxy_set_header Host $host;
    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;

    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;

    # required for POST requests to work
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}
# Named location used when the /auth endpoint answers 401:
# it sends the browser to the /start URL, which begins the SSO flow.
location @goauthentik_proxy_signin {
    # internal: only reachable through error_page, never by a client request
    internal;
    add_header Set-Cookie $auth_cookie;
    return 302 /outpost.goauthentik.io/start?rd=$request_uri;
    # Domain-level setups: redirect to your authentik server with the full redirect path instead
    # return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
}
Downloaders
qBittorrent
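# Goes under the top-level `services:` key.
# VPN gateway container; qbittorrent attaches to its network namespace.
gluetun:
  # No tag resolves to :latest; pin a release tag or digest for reproducible pulls.
  image: qmcgaw/gluetun
  container_name: gluetun
  restart: unless-stopped
  # Least privilege: `privileged: true` is dropped. NET_ADMIN plus the
  # /dev/net/tun device are the permissions this service declares; privileged
  # mode would add every capability and all host devices on top of them.
  cap_add:
    - NET_ADMIN
  devices:
    - /dev/net/tun:/dev/net/tun
  # qBittorrent's web UI (WEBUI_PORT=8080) is published here because
  # qbittorrent shares this container's network. It is exposed on every host
  # interface; firewall it or bind it to 127.0.0.1 if it should only be reached
  # through the reverse proxy.
  ports:
    - "8080:8080"
  # presumably holds the VPN keys: keep this file out of version control and
  # readable only by the deploying user.
  env_file:
    - ./env/gluetun
  environment:
    - VPN_SERVICE_PROVIDER=airvpn
    - VPN_TYPE=wireguard
    - SERVER_COUNTRIES=Canada
    # debug output is verbose; consider a quieter level once the tunnel works.
    - LOG_LEVEL=debug
    # NOTE(review): presumably has no effect while VPN_TYPE is wireguard; confirm.
    - OPENVPN_VERSION=2.4
    # inbound port allowed through the VPN-side firewall
    - FIREWALL_VPN_INPUT_PORTS=46575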
# Goes under the top-level `services:` key.
qbittorrent:
  # No tag resolves to :latest; pin a release tag or digest for reproducible pulls.
  image: ghcr.io/hotio/qbittorrent
  container_name: qbittorrent
  restart: unless-stopped
  # Shares gluetun's network namespace, so all traffic leaves through the VPN
  # container. This service therefore has no `ports:` of its own; the web UI is
  # published on gluetun.
  network_mode: "service:gluetun"
  environment:
    WEBUI_PORT: "8080"
    # uid/gid the container is told to use; they should own the mounted paths.
    PUID: "950"
    PGID: "950"
  volumes:
    # the host directory is spelled 'qbittorent' on this page; keep whichever
    # spelling matches the directory on your host.
    - /docker/config/qbittorent:/config
    - /data/media:/data/media
Gluetun
Gluetun routes qBittorrent's connections through a VPN. If you don't need that, omit the gluetun service, move the `ports` entry to qbittorrent, and remove qbittorrent's `network_mode` line. If you do use Gluetun, research your provider on their wiki and edit the env file accordingly.
When using Gluetun, every reference to qBittorrent from another container (e.g. qbittorrent:8080) must point at Gluetun instead (e.g. gluetun:8080), because qBittorrent shares Gluetun's network.
SABnzbd
# Goes under the top-level `services:` key.
sabnzbd:
  # No tag resolves to :latest; pin a release tag or digest for reproducible pulls.
  image: ghcr.io/hotio/sabnzbd
  container_name: sabnzbd
  restart: unless-stopped
  # uid/gid the container is told to use; they should own the mounted paths.
  environment:
    PUID: "950"
    PGID: "950"
  volumes:
    - /docker/config/sabnzbd:/config
    - /data/media:/data/media
  # Container port 8080 is mapped to host port 8090 (host 8080 is already
  # published by gluetun on this page). It is exposed on every host interface;
  # firewall it or bind it to 127.0.0.1 if it should only be reached through
  # the reverse proxy.
  ports:
    - "8090:8080"
Logging
Grafana
# Goes under the top-level `services:` key.
grafana:
  # :latest moves with every upstream push; pin a release tag or digest for
  # reproducible pulls.
  image: grafana/grafana:latest
  container_name: grafana
  restart: unless-stopped
  # NOTE(review): no volume is mounted, so dashboards and users presumably do
  # not survive the container being recreated; confirm.
  # Published on every host interface. Grafana's initial admin login is a
  # well-known default; change it at first sign-in before 3000 is reachable
  # from anywhere but the host.
  ports:
    - "3000:3000"
Loki
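# Goes under the top-level `services:` key.
loki:
  # :latest moves with every upstream push; pin a release tag or digest for
  # reproducible pulls.
  image: grafana/loki:latest
  container_name: loki
  restart: unless-stopped
  # The image's default command loads /etc/loki/local-config.yaml, so without
  # this line the file mounted below is never read.
  command: -config.file=/etc/loki/loki-config.yml
  # Loki's HTTP API has no authentication of its own: anything that can reach
  # 3100 can push and query logs. Firewall the port, bind it to 127.0.0.1, or
  # drop the mapping if only containers on the same network talk to Loki.
  ports:
    - "3100:3100"
  volumes:
    # read-only: the container only needs to read its config
    - /docker/config/loki-config.yml:/etc/loki/loki-config.yml:ro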
Promtail
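# Goes under the top-level `services:` key.
promtail:
  # :latest moves with every upstream push; pin a release tag or digest for
  # reproducible pulls.
  image: grafana/promtail:latest
  container_name: promtail
  restart: unless-stopped
  # The image's default command loads /etc/promtail/config.yml, so without this
  # line the file mounted below is never read.
  command: -config.file=/etc/promtail/promtail-config.yml
  # NOTE(review): no log directory or Docker socket is mounted here, so which
  # logs promtail can actually read depends on the config file; confirm.
  volumes:
    # read-only: the container only needs to read its config
    - /docker/config/promtail-config.yml:/etc/promtail/promtail-config.yml:ro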