bMINI

2025-06-20 19:38:38 -06:00
parent 6695ad06a6
commit 6a34f34b51
52 changed files with 1333 additions and 1055 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,6 +3,10 @@ version: "3"
 networks:
  gitea:
    external: false
+  traefik:
+    external: true
+  immich_default:
+    external: true

 volumes:
  gitea-data:
@@ -15,18 +19,20 @@ services:
    container_name: traefik
    restart: always
    ports:
-      - "80:80"      # HTTP
-      - "443:443"    # HTTPS
-      - "8080:8080"  # Dashboard
+      - "8080:80"      # HTTP (changed from 80 to 8080 for ISP testing)
+      - "8443:443"     # HTTPS (changed from 443 to 8443 for ISP testing)
+      - "8081:8080"    # Dashboard (changed to avoid conflict)
+
    networks:
      - gitea
+      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-certs:/letsencrypt
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
-      - "--providers.docker.network=gitea-docker_gitea"
+      - "--providers.docker.network=traefik"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
@@ -53,7 +59,7 @@ services:
      - GITEA__database__PASSWD=gitea
      # Server Configuration
      - GITEA__server__DOMAIN=bee8333.ddns.net
-      - GITEA__server__ROOT_URL=https://bee8333.ddns.net/
+      - GITEA__server__ROOT_URL=https://bee8333.ddns.net/gitea/
      - GITEA__server__PROTOCOL=http
      - GITEA__server__HTTP_PORT=3000
      - GITEA__server__SSH_DOMAIN=bee8333.ddns.net
@@ -68,30 +74,63 @@ services:
    restart: always
    networks:
      - gitea
+      - traefik
    volumes:
      - gitea-data:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
+#      - /etc/timezone:/etc/timezone:ro
+#      - /etc/localtime:/etc/localtime:ro
    ports:
      - "2224:22"    # SSH: Host port 2224 -> Container port 22
    depends_on:
      - db
    labels:
      - "traefik.enable=true"
-      # HTTP Configuration for HTTPS access
-      - "traefik.http.routers.gitea.rule=Host(`bee8333.ddns.net`)"
+      - "traefik.docker.network=traefik"
+      # HTTPS Configuration for /gitea subpath
+      - "traefik.http.routers.gitea.rule=Host(`bee8333.ddns.net`) && PathPrefix(`/gitea`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.gitea.priority=10"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+      - "traefik.http.middlewares.gitea-stripprefix.stripprefix.prefixes=/gitea"
      - "traefik.http.middlewares.gitea-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.gitea.middlewares=gitea-headers@docker"
+      - "traefik.http.routers.gitea.middlewares=gitea-stripprefix@docker,gitea-headers@docker"
      # HTTP Configuration for HTTP -> HTTPS redirection
-      - "traefik.http.routers.gitea-http.rule=Host(`bee8333.ddns.net`)"
+      - "traefik.http.routers.gitea-http.rule=Host(`bee8333.ddns.net`) && PathPrefix(`/gitea`)"
      - "traefik.http.routers.gitea-http.entrypoints=web"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
      - "traefik.http.routers.gitea-http.middlewares=https-redirect@docker"

+  headscale:
+    image: headscale/headscale:latest
+    container_name: headscale
+    restart: unless-stopped
+    ports:
+      - "3478:3478/udp"  # STUN for DERP relay
+    volumes:
+      - ./headscale/config:/etc/headscale
+      - ./headscale/data:/var/lib/headscale
+    command: serve
+    networks:
+      - gitea
+      - traefik
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      # HTTPS Configuration for /headscale subpath
+      - "traefik.http.routers.headscale.rule=Host(`bee8333.ddns.net`) && PathPrefix(`/headscale`)"
+      - "traefik.http.routers.headscale.entrypoints=websecure"
+      - "traefik.http.routers.headscale.tls.certresolver=letsencrypt"
+      - "traefik.http.services.headscale.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.headscale-stripprefix.stripprefix.prefixes=/headscale"
+      - "traefik.http.middlewares.headscale-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.routers.headscale.middlewares=headscale-stripprefix@docker,headscale-headers@docker"
+      # HTTP Configuration for HTTP -> HTTPS redirection
+      - "traefik.http.routers.headscale-http.rule=Host(`bee8333.ddns.net`) && PathPrefix(`/headscale`)"
+      - "traefik.http.routers.headscale-http.entrypoints=web"
+      - "traefik.http.routers.headscale-http.middlewares=https-redirect@docker"
+
  db:
    image: postgres:14
    container_name: gitea-db