docker-compose.yml

version: '3.4'
services:
  traefik:
    image: 'traefik:2.11'
    command:
      - --api=true 
      - --entryPoints.console.address=:8080         # ^ Defining port 8080 as "alias" called "console" - this port will be reachable from outside of Traefik container
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http3
      - --experimental.http3=true
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entryPoints.web.http.redirections.entryPoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.permanent=true

      - --providers.docker=true
      - --providers.docker.network=proxy
      - --providers.docker.exposedByDefault=false

      - --certificatesresolvers.le.acme.email=luke_purnell@hotmail.com
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.dnschallenge=true
      - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.le.acme.dnschallenge.disablepropagationcheck=true
    container_name: 'traefik'
    restart: 'unless-stopped'
    ports:
      - '443:443/tcp'
      - '443:443/udp'
      - '80:80'
      - '8080:8080'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
        #- '/Users/lajp/traefik/acme.json:/acme.json'
      - './letsencrypt:/letsencrypt'
    environment:
      - CF_API_EMAIL=luke_purnell@hotmail.com
      # - CF_API_KEY=016bce37031db2d76ce8f6e8866ddf5501c32
      - CF_DNS_API_TOKEN=Ecl-c3b1QECgoZ7ElFwd78-Gj7LdgjT830eiMt1d
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.admin.basicauth.users=admin:{SHA}/jIOs1SoLMVGd6FMOlt5mF6Ega0=  # * Generate SHA1 to protect access to the Web UI here: https://hostingcanada.org/htpasswd-generator - on this page I used: user/password = admin/greenfrog and got htpasswd: admin:{SHA}/jIOs1SoLMVGd6FMOlt5mF6Ega0=  (https://doc.traefik.io/traefik/middlewares/basicauth/). You can reuse this line multiple times under different containers to protect access to them.  

      - traefik.http.routers.thisproxylocal.rule=Host(`localhost`)            # * Change xxx.xxx.xxx.xxx to your Docker server IP
      - traefik.http.routers.thisproxylocal.entryPoints=console                     # ^ Traefik WebUI is by default exposed on port 8080 so we have to redirect all requests to that port by creating entryPoint equal to "console" - alias that we defined several lines above.
      - traefik.http.routers.thisproxylocal.service=api@internal                    # ^ Enable WebUI service on this specific router.
      - traefik.http.routers.thisproxylocal.middlewares=admin                       # ^ Enabling authentication on this specific router.

                                                                                # Define route/router called "thisproxytls"
      - traefik.http.services.thisproxytls.loadbalancer.server.port=8080            # ^ Define loadBalancer port for WebUI
      - traefik.http.routers.thisproxytls.rule=Host(`home.sub-box.net`)              # * Define URL that will be redirected to this container on port 8080 from https
      - traefik.http.routers.thisproxytls.entrypoints=websecure                     # ^ Just because we defined redirection where any request from the Internet received on port 80 - http will be redirected to port 443 https we open websecure entrypoint as this is from where we will be receiving all the traffick anyway.
      - traefik.http.routers.thisproxytls.service=api@internal                      # ^ Enable WebUI service on this specific router.
      - traefik.http.routers.thisproxytls.middlewares=admin                         # ^ Enabling authentication on this specific router.
      - traefik.http.routers.thisproxytls.tls.certresolver=le
      - "traefik.http.middlewares.cors.headers.accesscontrolallowmethods=*"
      - "traefik.http.middlewares.cors.headers.accesscontrolallowheaders=*"
      - "traefik.http.middlewares.cors.headers.accesscontrolalloworiginlist=*"
      - "traefik.http.middlewares.cors.headers.accesscontrolmaxage=100"
      - "traefik.http.middlewares.cors.headers.addvaryheader=true"


  player:
    image: laker93/player:v2
    restart: unless-stopped
    container_name: "player"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.player.rule=Host(`player.sub-box.net`) || PathPrefix(`/player`)"
      - "traefik.http.services.player.loadbalancer.server.port=9180"
      - "traefik.http.routers.player.entrypoints=websecure"
      - "traefik.http.routers.player.tls.certresolver=le"
      - "traefik.http.middlewares.cors.headers.accesscontrolallowmethods=*"
      - "traefik.http.middlewares.cors.headers.accesscontrolallowheaders=*"
      - "traefik.http.middlewares.cors.headers.accesscontrolalloworiginlist=*"
      - "traefik.http.middlewares.cors.headers.accesscontrolmaxage=100"
      - "traefik.http.middlewares.cors.headers.addvaryheader=true"
    #user: "501:20"
    ports:
      - 9180:9180
    environment:
      # must add this so player can respond to the path player is to be accessed on via traefik
      - PUBLIC_PATH="/player"

  browser:
    image: hurlenko/filebrowser
    container_name: filebrowser
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.browser.rule=Host(`browser.sub-box.net`) || PathPrefix(`/browser`)"
      - "traefik.http.services.browser.loadbalancer.server.port=8080"
      - "traefik.http.routers.browser.entrypoints=websecure"
      - "traefik.http.routers.browser.tls.certresolver=le"
      - "traefik.http.routers.browser.middlewares=cors"
      - "traefik.http.middlewares.cors.headers.accesscontrolallowmethods=*"
      - "traefik.http.middlewares.cors.headers.accesscontrolalloworiginlist=*"
      - "traefik.http.middlewares.cors.headers.accesscontrolallowheaders=*"
      - "traefik.http.middlewares.cors.headers.accesscontrolmaxage=100"
      - "traefik.http.middlewares.cors.headers.addvaryheader=true"

    user: root
    ports:
      - 8081:8080
    volumes:
      - user-updownloads:/data/users:z
      - /Users/lajp/subbox/docker-compose/filebrowser/config:/config
    environment:
      - FB_BASEURL=/browser
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true

  slskd:
    image: slskd/slskd
    container_name: slskd
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.slskd.rule=Host(`slskd.sub-box.net`) || PathPrefix(`/slskd`)"
      - "traefik.http.services.slskd.loadbalancer.server.port=5000"
      - "traefik.http.routers.slskd.entrypoints=websecure"
      - "traefik.http.routers.slskd.tls.certresolver=le"
    ports:
      - "5000:5000"
      - "5001:5001"
      - "50000:50000"
    volumes:
      - "/Users/lajp/traefik/slskd/data/:/app"
      - type: volume
        source: user-updownloads
        target: /app
        volume:
          nocopy: true
          subpath: laker93/downloads
      - "/Users/lajp/traefik/slskd/music/:/music"
    environment:
      SLSKD_SHARED_DIR: /music/Petter
      SLSKD_URL_BASE: /slskd
      SLSKD_HTTP_PORT: 5000
      SLSKD_HTTPS_PORT: 5001
      SLSKD_SLSK_LISTEN_PORT: 50000
    restart: always

  subbox:
    image: laker93/subbox-landing:latest
    restart: unless-stopped
    container_name: subbox
    labels:
      traefik.enable: "true"
      traefik.http.routers.subbox.rule: Host(`sub-box.net`, `www.sub-box.net`)
      traefik.http.services.subbox.loadbalancer.server.port: 8888
      traefik.http.routers.subbox.entrypoints: websecure
      traefik.http.routers.subbox.tls.certresolver: le
      traefik.http.routers.subbox.middlewares: redirect-non-www-to-www
      traefik.http.middlewares.redirect-non-www-to-www.redirectregex.permanent: true
      traefik.http.middlewares.redirect-non-www-to-www.redirectregex.regex: "^https?://(?:www\\.)?(.+)"
      traefik.http.middlewares.redirect-non-www-to-www.redirectregex.replacement: "https://www.$${1}"
    ports:
      - 8888:8888
    environment:
      - APP_ENVIRONMENT=prod

  pymix:
    image: laker93/pymix:v1.1.3
    privileged: true
    restart: unless-stopped
    container_name: pymix
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pymix.rule=Host(`pymix.sub-box.net`) || PathPrefix(`/pymix`)"
      - "traefik.http.services.pymix.loadbalancer.server.port=8002"
      - "traefik.http.routers.pymix.entrypoints=websecure"
      - "traefik.http.routers.pymix.tls.certresolver=le"
    ports:
      - 8002:8002
    volumes:
      - ./db:/pymix/db
      - user-updownloads:/user-updownloads
      - private-music:/private-music
      - private-staged:/private-staged
      - public-staged:/public-staged
      - /Users/lajp/subbox:/subbox
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - APP_ENVIRONMENT=prod

volumes:
  user-updownloads:
    driver: local
    name: user-updownloads
  private-staged:
    driver: local
    name: private-staged
  private-music:
    driver: local
    name: private-music
  public-music:
    driver: local
    name: public-music
  public-staged:
    driver: local
    name: public-staged