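---
# Compose v2 ignores this key (it is only read by older compose binaries);
# kept so the file still loads on both.
version: '3.5'

services:
  # DoH server container.
  # Port 8053 is only exposed on the internal bridge network (not published),
  # so the only way in is through the Traefik router below.
  doh_server:
    container_name: doh_server
    # Templated scalars are quoted so an empty expansion stays a string.
    hostname: "${HOST_NAME}"
    # NOTE(review): ":latest" is a moving tag; pin to a release tag or a
    # digest (image@sha256:<digest-placeholder>) so upgrades are explicit
    # and reviewable rather than picked up silently on the next pull.
    image: goofball222/dns-over-https:latest
    volumes:
      - ./doh-docker/configs/doh-server.conf:/opt/dns-over-https/conf/doh-server.conf
    expose:
      - "8053"
    networks:
      dns_network0:
        ipv4_address: 172.16.1.3
    restart: always
    labels:
      - traefik.enable=true
      - traefik.docker.network=${TRAEFIK_NETWORK:-traefik_proxy}
      ##### http
      ### services
      # backend port
      - traefik.http.services.svc_DohServer.loadbalancer.server.port=8053
      ### routers
      # DoH forward: HTTPS only, restricted to the /dns-query path.
      - traefik.http.routers.rou_DohServer.entrypoints=https
      - traefik.http.routers.rou_DohServer.rule=Host(`doh.${DOMAIN}`) && Path(`/dns-query`)
      - traefik.http.routers.rou_DohServer.tls=true
      - traefik.http.routers.rou_DohServer.tls.options=default
      # mdw_SecureHeaders is defined in Traefik's file provider, not here.
      - traefik.http.routers.rou_DohServer.middlewares=mdw_SecureHeaders@file
      - traefik.http.routers.rou_DohServer.service=svc_DohServer

  # pihole container.
  # DNS (53) is published on the host; the admin UI (80) is only reachable
  # through Traefik.
  pihole:
    container_name: pihole
    hostname: "${HOST_NAME}"
    depends_on:
      - unbound
    # NOTE(review): unpinned tag — see the note on doh_server.
    image: pihole/pihole:latest
    environment:
      - TZ=${TIMEZONE:-Europe/London}
      - ServerIP=${HOST_IP}
      # Upstream resolver is the unbound container's fixed address on
      # dns_network0 (see the networks section below).
      - DNS1=172.16.1.5#53
      # Literal string "no": presumably the image's way of disabling the
      # second upstream — keep as-is, do not turn it into a boolean.
      - DNS2=no
      - DOMAIN=${DOMAIN}
      - HOST_IP=${HOST_IP}
    volumes:
      - ./pihole-docker/resolv.conf:/etc/resolv.conf
      - ./pihole-docker/configs/pihole/:/etc/pihole/
      - ./pihole-docker/configs/dnsmasq.d/dnsmasq.conf:/etc/dnsmasq.d/02-custom.conf
      - ./pihole-docker/01-conf-dnsmasq.sh:/etc/cont-init.d/01-conf-dnsmasq.sh
    ports:
      # Published on every host interface. If the host has an interface that
      # untrusted networks can reach, bind to the LAN address instead, e.g.
      # "${HOST_IP}:53:53/tcp", so the resolver cannot be used from outside.
      # Quoted: "53:53" would otherwise parse as a sexagesimal integer.
      - "53:53/tcp"
      - "53:53/udp"
    expose:
      - "80"
    networks:
      dns_network0:
        ipv4_address: 172.16.1.4
    # The container resolves through its own DNS service on loopback.
    dns:
      - 127.0.0.1
    restart: always
    labels:
      - traefik.enable=true
      - traefik.docker.network=${TRAEFIK_NETWORK:-traefik_proxy}
      ##### http
      ### services
      # backend port
      - traefik.http.services.svc_PiholeGui.loadbalancer.server.port=80
      ### middleware
      # redirecting pi.hole ("$$" is Compose's escape for a literal "$")
      - traefik.http.middlewares.mdw_RedirectPihole.redirectregex.permanent=true
      - traefik.http.middlewares.mdw_RedirectPihole.redirectregex.regex=^.*pi\.hole(.*)
      - traefik.http.middlewares.mdw_RedirectPihole.redirectregex.replacement=https://pihole.${DOMAIN}$$1
      # make sure `/admin` is there
      - traefik.http.middlewares.mdw_AddAdminPath.replacepathregex.regex=^/((?i:(admin)/{0,1}|.{0})(.*))
      - traefik.http.middlewares.mdw_AddAdminPath.replacepathregex.replacement=/admin/$$3
      # pihole chain (order matters: redirect, then path fix-up, then headers)
      - traefik.http.middlewares.mdw_PiholeChain.chain.middlewares=mdw_RedirectPihole,mdw_AddAdminPath,mdw_SecureHeaders@file
      ### routers
      # pihole dashboard
      - traefik.http.routers.rou_PiholeGui.entrypoints=https
      - traefik.http.routers.rou_PiholeGui.rule=Host(`pihole.${DOMAIN}`,`pi.hole`)
      - traefik.http.routers.rou_PiholeGui.tls=true
      - traefik.http.routers.rou_PiholeGui.tls.options=default
      - traefik.http.routers.rou_PiholeGui.middlewares=mdw_PiholeChain
      - traefik.http.routers.rou_PiholeGui.service=svc_PiholeGui
      # ##### tcp (DoT forward, currently disabled)
      # ### services
      # # backend port
      # - traefik.tcp.services.svc_PiholeDns.loadbalancer.server.port=53
      # ### routers
      # # DoT forward
      # - traefik.tcp.routers.rou_PiholeDot.entrypoints=dot
      # - traefik.tcp.routers.rou_PiholeDot.rule=HostSNI(`dot.${DOMAIN}`)
      # - traefik.tcp.routers.rou_PiholeDot.tls=true
      # - traefik.tcp.routers.rou_PiholeDot.tls.options=default
      # - traefik.tcp.routers.rou_PiholeDot.service=svc_PiholeDns

  # unbound container.
  # Recursive resolver; only reachable from the internal bridge network
  # (53 is exposed, not published) and explicitly hidden from Traefik.
  unbound:
    container_name: unbound
    hostname: "${HOST_NAME}"
    # NOTE(review): unpinned tag — see the note on doh_server.
    image: mvance/${UNBOUND_VARIANT:-unbound}:latest
    environment:
      - TZ=${TIMEZONE:-Europe/London}
    volumes:
      - ./unbound-docker/configs:/opt/unbound/etc/unbound/
      - ./unbound-docker/var:/opt/unbound/etc/unbound/var/
      - ./unbound-docker/unbound.log:/opt/unbound/etc/unbound/var/log/unbound/unbound.log
    expose:
      - "53"
    networks:
      dns_network0:
        ipv4_address: 172.16.1.5
    restart: always
    labels:
      - traefik.enable=false

networks:
  # Bridge network for internal communication; fixed addresses above
  # (172.16.1.3/.4/.5) live in this subnet.
  dns_network0:
    name: dns_network0
    driver: bridge
    driver_opts:
      # NOTE(review): "encrypted" is an overlay-driver (swarm) option; the
      # bridge driver has no such setting and is expected to ignore it, so
      # this does NOT encrypt traffic on this network — confirm, and either
      # drop the option or do not rely on it for confidentiality.
      encrypted: "true"
    ipam:
      config:
        - subnet: 172.16.1.0/24
    # Standalone containers (docker run --network) cannot join this network.
    attachable: false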