Created backend (markdown)

Spongy 2024-10-14 11:46:06 -04:00
parent fac6a28645
commit c166805b82

309
backend.md Normal file

@ -0,0 +1,309 @@
## Contents
1. [*arr apps](#*arr-apps)
2. [Nginx Proxy Manager](#Nginx-Proxy-Manager)
- [Authentik setup](#Authentik-setup)
3. [Downloaders](#Downloaders)
- [Gluetun](#Gluetun)
4. [Logging](#Logging)
## *arr apps
> For configuration see [TRaSH-Guides](https://trash-guides.info/)
<details>
<summary><b>Sonarr</b></summary>
```
services:
sonarr:
container_name: sonarr
restart: unless-stopped
image: ghcr.io/hotio/sonarr
ports:
- "8989:8989"
environment:
- PUID=950
- PGID=950
volumes:
- /docker/config/sonarr:/config
- /data/media:/data/media
```
</details>
<details>
<summary><b>Radarr</b></summary>
```
radarr:
container_name: radarr
restart: unless-stopped
image: ghcr.io/hotio/radarr
ports:
- "7878:7878"
environment:
- PUID=950
- PGID=950
volumes:
- /docker/config/radarr:/config
- /data/media:/data/media
```
</details>
<details>
<summary><b>Prowlarr</b></summary>
```
prowlarr:
container_name: prowlarr
restart: unless-stopped
image: ghcr.io/hotio/prowlarr
ports:
- "9696:9696"
environment:
- PUID=950
- PGID=950
volumes:
- /docker/config/prowlarr:/config
```
</details>
<details>
<summary><b>Bazarr</b></summary>
```
bazarr:
container_name: bazarr
restart: unless-stopped
image: ghcr.io/hotio/bazarr
ports:
- "6767:6767"
environment:
- PUID=950
- PGID=950
volumes:
- /docker/config/bazarr:/config
- /data/media:/data/media
```
</details>
<details>
<summary><b>Doplarr</b></summary>
```
doplarr:
container_name: doplarr
restart: unless-stopped
image: ghcr.io/hotio/doplarr:latest
env_file:
- ./env/doplarr
environment:
- SONARR__URL=http://sonarr:8989
- RADARR__URL=http://radarr:7878
- LOG_LEVEL=:report
```
</details>
## Nginx Proxy Manager
<details>
<summary>Compose snippet</summary>
```
nginxproxymanager:
container_name: nginxpm
image: jc21/nginx-proxy-manager:latest
restart: unless-stopped
ports:
- "80:80"
- "81:81"
- "443:443"
- "25565:25565"
volumes:
- /docker/config/nginxpm:/data
- /docker/config/letsencrypt:/etc/letsencrypt
- /data/www:/data/www
```
</details>
### Authentik setup
> edit [AUTHENTIK IP] and [AUTHENTIK port]
<details>
<summary> for proxy services add the following to the advanced section of the proxy host </summary>
```
# Increase buffer size for large headers
# This is needed only if you get 'upstream sent too big header while reading response
# header from upstream' error when trying to access an application protected by goauthentik
proxy_buffers 8 16k;
proxy_buffer_size 32k;
location / {
# Put your proxy_pass to your application here
proxy_pass $forward_scheme://$server:$port;
# #########################################
# CUSTOM - START Websocket behind authenticated proxy
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# END Websockets FIX
# #########################################
# authentik-specific config
auth_request /outpost.goauthentik.io/auth/nginx;
error_page 401 = @goauthentik_proxy_signin;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
# translate headers from the outposts back to the actual upstream
auth_request_set $authentik_username $upstream_http_x_authentik_username;
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
auth_request_set $authentik_email $upstream_http_x_authentik_email;
auth_request_set $authentik_name $upstream_http_x_authentik_name;
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
proxy_set_header X-authentik-username $authentik_username;
proxy_set_header X-authentik-groups $authentik_groups;
proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid;
}
# all requests to /outpost.goauthentik.io must be accessible without authentication
location /outpost.goauthentik.io {
# ################################
# CHANGE IP TO AUTHENTIK IP here.
proxy_pass http://[AUTHENTIK IP]:[AUTHENTIK PORT]/outpost.goauthentik.io;
# ################################
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
# required for POST requests to work
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
# Special location for when the /auth endpoint returns a 401,
# redirect to the /start URL which initiates SSO
location @goauthentik_proxy_signin {
internal;
add_header Set-Cookie $auth_cookie;
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
# For domain level, use the below error_page to redirect to your authentik server with the full redirect path
# return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
}
```
</details>
## Downloaders
<details>
<summary><b>qBittorrent</b></summary>
```
gluetun:
container_name: gluetun
image: qmcgaw/gluetun
restart: unless-stopped
ports:
- "8080:8080"
cap_add:
- NET_ADMIN
env_file:
./env/gluetun
environment:
- VPN_SERVICE_PROVIDER=airvpn
- VPN_TYPE=wireguard
- SERVER_COUNTRIES=Canada
- LOG_LEVEL=debug
- OPENVPN_VERSION=2.4
- FIREWALL_VPN_INPUT_PORTS=46575
privileged: true
devices:
- /dev/net/tun:/dev/net/tun
qbittorrent:
container_name: qbittorrent
image: ghcr.io/hotio/qbittorrent
restart: unless-stopped
network_mode: "service:gluetun"
environment:
- WEBUI_PORT=8080
- PUID=950
- PGID=950
volumes:
- /docker/config/qbittorent:/config
- /data/media:/data/media
```
</details>
### Gluetun
Gluetun is used to pass qbittorrent connections through a vpn, if that's not necessary for you it can be omitted, just move the port statement to qbittorrent. If using gluetun research your provider on their [wiki](https://github.com/qdm12/gluetun-wiki/tree/main/setup) and edit the env file accordingly
When using gluetun all references to qbittorrent (eg, qbittorrent:8080) must be done through gluetun (eg, gluetun:8080)
<details>
<summary><b>SABnzbd<b></summary>
```
sabnzbd:
container_name: sabnzbd
image: ghcr.io/hotio/sabnzbd
restart: unless-stopped
ports:
- "8090:8080"
environment:
- PUID=950
- PGID=950
volumes:
- /docker/config/sabnzbd:/config
- /data/media:/data/media
```
</details>
## Logging
<details>
<summary>Grafana</summary>
```
grafana:
container_name: grafana
image: grafana/grafana:latest
restart: unless-stopped
ports:
- "3000:3000"
```
</details>
<details>
<summary>Loki</summary>
```
loki:
container_name: loki
image: grafana/loki:latest
restart: unless-stopped
ports:
- "3100:3100"
volumes:
- /docker/config/loki-config.yml:/etc/loki/loki-config.yml
```
</details>
<details>
<summary>Promtail</summary>
```
promtail:
container_name: promtail
image: grafana/promtail:latest
restart: unless-stopped
volumes:
- /docker/config/promtail-config.yml:/etc/promtail/promtail-config.yml
```
</details>
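Review bot: the gluetun service in the qBittorrent snippet sets `privileged: true` on top of `cap_add: NET_ADMIN` and the `/dev/net/tun:/dev/net/tun` device mapping. Privileged mode already grants every capability and access to host devices, so it makes the two narrower lines redundant and gives the VPN container far more than it needs. Drop `privileged: true` and keep only the capability and the device. In the same service, `OPENVPN_VERSION=2.4` applies only to OpenVPN and does nothing with `VPN_TYPE=wireguard`. The Authentik section gates proxy hosts with `auth_request`, but every app in this file still publishes its port on the host (`"8989:8989"`, `"7878:7878"`, `"9696:9696"` and so on, plus the Nginx Proxy Manager admin UI on `"81:81"`), so the apps remain reachable directly without going through the proxy. Bind those to `127.0.0.1` or remove the `ports:` entries and let the proxy reach the containers by service name, as Doplarr already does with `http://sonarr:8989`. The Loki and Promtail snippets mount `loki-config.yml` and `promtail-config.yml` but set no `command:` pointing at them, so the images will start with their default config paths and ignore the mounted files; add a `-config.file=` argument for each. Minor: the SABnzbd summary closes its bold with `<b>` instead of `</b>`, and the note above the Authentik block writes `[AUTHENTIK port]` while the config uses `[AUTHENTIK PORT]`.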