diff --git a/jellyfin/Caddyfile b/jellyfin/Caddyfile
new file mode 100644
index 0000000..8007381
--- /dev/null
+++ b/jellyfin/Caddyfile
@@ -0,0 +1,28 @@
+{
+ email {env.LETSENCRYPT_EMAIL}
+}
+
+*.lan.poldebra.me {
+ tls {
+ dns namecheap {
+ api_key {env.NAMECHEAP_API_KEY}
+ user {env.NAMECHEAP_API_USER}
+ api_endpoint https://api.namecheap.com/xml.response
+ }
+ resolvers 1.1.1.1 8.8.8.8
+ }
+
+ @media host media.lan.poldebra.me
+ handle @media {
+ header {
+ X-Real-IP {remote_host}
+ X-Forwarded-For {remote_host}
+ X-Forwarded-Proto {scheme}
+ X-Forwarded-Host {host}
+ X-Forwarded-Port {server_port}
+ }
+ reverse_proxy 172.21.0.5:8096 {
+ header_up X-Forwarded-Proto {scheme}
+ }
+ }
+}
diff --git a/jellyfin/Caddyfile.local b/jellyfin/Caddyfile.local
new file mode 100644
index 0000000..ba20a22
--- /dev/null
+++ b/jellyfin/Caddyfile.local
@@ -0,0 +1,15 @@
+media.lan.poldebra.me {
+ tls /cert.crt /cert.key
+
+ header {
+ X-Real-IP {remote_host}
+ X-Forwarded-For {remote_host}
+ X-Forwarded-Proto {scheme}
+ X-Forwarded-Host {host}
+ X-Forwarded-Port {server_port}
+ }
+
+ reverse_proxy 172.21.0.5:8096 {
+ header_up X-Forwarded-Proto {scheme}
+ }
+}
diff --git a/jellyfin/docker-compose.yml b/jellyfin/docker-compose.yml
new file mode 100644
index 0000000..b029a07
--- /dev/null
+++ b/jellyfin/docker-compose.yml
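Review bot: The `header { … }` block inside `handle @media` sets response headers, so `X-Real-IP`, `X-Forwarded-For` and the rest are sent back to the client and never reach the backend at 172.21.0.5:8096. Caddy's `reverse_proxy` already passes `X-Forwarded-For`, `X-Forwarded-Proto` and `X-Forwarded-Host` upstream by default, which also makes the explicit `header_up X-Forwarded-Proto {scheme}` redundant. I would delete the `header` block and, only if the backend is meant to read it, add `header_up X-Real-IP {remote_host}` inside `reverse_proxy`. The same block is repeated in jellyfin/Caddyfile.local. Separately, the `*.lan.poldebra.me` site has no fallback for other hostnames; a trailing `handle { abort }` would make the intended behaviour explicit.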
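Review bot: `tls /cert.crt /cert.key` loads a fixed certificate pair, and per the compose file in this commit those paths are single-file bind mounts out of the other Caddy instance's ACME storage, so nothing visible here makes this proxy pick up a renewed certificate. Caddy reads manually specified certificate files when the config is loaded, so this instance will presumably keep serving the old certificate until it is restarted, and could end up presenting an expired one. At minimum I would document the dependency above the line, e.g. `# wildcard cert is issued and renewed by the reverse_proxy service; restart this container after each renewal`. Mounting the certificate directory instead of the two individual files, plus a scheduled restart, would remove the manual step.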
@@ -0,0 +1,106 @@
+services:
+ tailscale:
+ hostname: media
+ image: tailscale/tailscale:latest
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "tailscale status"]
+ interval: 1s
+ timeout: 5s
+ retries: 60
+ volumes:
+ - /srv/docker/jellyfin/tailscale:/var/lib
+ - /lib/modules:/lib/modules:ro
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ cap_add:
+ - net_admin
+ - sys_module
+ - net_raw
+ command: tailscaled
+ networks:
+ - internal
+ logging:
+ driver: "json-file"
+ options:
+ mode: "non-blocking"
+ max-size: "10m"
+ max-file: "3"
+
+ reverse_proxy:
+ image: caddybuilds/caddy-namecheap:2-alpine
+ restart: unless-stopped
+ network_mode: service:tailscale
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile:ro
+ - /srv/docker/jellyfin/caddy/config/:/config/caddy:rw
+ - /srv/docker/jellyfin/caddy/data/:/data/caddy:rw
+ - /srv/docker/jellyfin/caddy/share/:/usr/share/caddy:rw
+ env_file:
+ - caddy.env
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "https://media.lan.poldebra.me"]
+ interval: 10s
+ timeout: 30s
+ retries: 5
+ start_period: 90s
+ depends_on:
+ app:
+ condition: service_started
+ tailscale:
+ condition: service_healthy
+ logging:
+ driver: "json-file"
+ options:
+ mode: "non-blocking"
+ max-size: "10m"
+ max-file: "3"
+
+ lan_reverse_proxy:
+ image: caddy/caddy
+ restart: unless-stopped
+ ports:
+ - "443:443"
+ volumes:
+ - ./Caddyfile.local:/etc/caddy/Caddyfile:ro
+ - /srv/docker/jellyfin/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.lan.poldebra.me/wildcard_.lan.poldebra.me.crt:/cert.crt:ro
+ - /srv/docker/jellyfin/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.lan.poldebra.me/wildcard_.lan.poldebra.me.key:/cert.key:ro
+ networks:
+ - internal
+ depends_on:
+ app:
+ condition: service_started
+ logging:
+ driver: "json-file"
+ options:
+ mode: "non-blocking"
+ max-size: "10m"
+ max-file: "3"
+
+ app:
+ image: jellyfin/jellyfin
+ restart: unless-stopped
+ hostname: app
+ container_name: jellyfin
+ user: 1000:1000
+ # network_mode: "host" # temporarily disabled, see https://github.com/jwilder/nginx-proxy/issues/1059
+ volumes:
+ - /srv/docker/jellyfin/config:/config
+ - /opt/bak/davide/backup_poldebra_nas/Film/SerieTV/:/tv
+ - /opt/bak/davide/backup_poldebra_nas/Film/Videoteca/:/movies
+ - /opt/bak/davide/backup_poldebra_nas/Musica/:/music:ro
+ networks:
+ internal:
+ ipv4_address: 172.21.0.5
+ logging:
+ driver: "json-file"
+ options:
+ mode: "non-blocking"
+ max-size: "10m"
+ max-file: "3"
+
+networks:
+ internal:
+ ipam:
+ config:
+ - subnet: 172.21.0.0/24
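Review bot: The `tailscale` service is granted `sys_module` together with a mount of the host's `/lib/modules`, which lets the container load kernel modules into the host kernel; with `/dev/net/tun` already passed through under `devices:`, tailscaled should normally need only `net_admin` (confirm on this host before dropping it). I would remove `- sys_module` and `- /lib/modules:/lib/modules:ro`. In the `app` service, `/tv` and `/movies` are mounted read-write from a path under `backup_poldebra_nas` while `/music` is `:ro`; unless Jellyfin has to write next to the media, appending `:ro` to both limits what a compromised media server can alter. The images `tailscale/tailscale:latest`, `caddy/caddy` and `jellyfin/jellyfin` are unpinned, and `caddybuilds/caddy-namecheap:2-alpine` appears to be a community build that presumably receives the Namecheap API key through `caddy.env`, so pinning by version or digest is worth doing.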