2025-07-27 14:26:30 +00:00
|
|
|
version: "3.9"
|
|
|
|
|
|
|
|
|
|
services:
|
2025-07-27 15:07:57 +00:00
|
|
|
shelfy:
|
|
|
|
|
build:
|
|
|
|
|
context: .
|
|
|
|
|
dockerfile: Dockerfile
|
2025-07-27 14:26:30 +00:00
|
|
|
container_name: shelfy-go
|
|
|
|
|
working_dir: /app
|
|
|
|
|
ports:
|
2025-08-18 16:20:06 +00:00
|
|
|
- "8090:8080"
|
2025-08-18 17:07:50 +00:00
|
|
|
- "2121:2121"
|
|
|
|
|
- "30000-30100:30000-30100"
|
|
|
|
|
- "2222:2222"
|
2025-07-27 15:07:57 +00:00
|
|
|
extra_hosts:
|
2025-08-18 17:07:50 +00:00
|
|
|
- "dockerhost:host-gateway"
|
|
|
|
|
environment:
|
|
|
|
|
- SHELFY_DATA_DIR=/app/data # si ton code lit cette var (cf. patch précédent)
|
2025-07-27 15:07:57 +00:00
|
|
|
volumes:
|
2025-07-27 16:09:37 +00:00
|
|
|
- shelfy_upload:/app/upload
|
2025-08-18 17:37:38 +00:00
|
|
|
- shelfy_data:/app/data
|
|
|
|
|
- shelfy_logs:/var/log/shelfy # <--- MONTE TON FRONT (lecture seule)
|
2025-08-18 17:28:48 +00:00
|
|
|
# <-- logs lus par Fail2ban
|
2025-08-18 17:45:26 +00:00
|
|
|
labels:
|
|
|
|
|
- traefik.enable=true
|
|
|
|
|
- traefik.docker.network=dokploy-network
|
|
|
|
|
|
|
|
|
|
# --- HTTPS direct sur media.canguidev.fr ---
|
|
|
|
|
- traefik.http.routers.media.rule=Host(`media.canguidev.fr`)
|
|
|
|
|
- traefik.http.routers.media.entrypoints=websecure
|
|
|
|
|
- traefik.http.routers.media.tls=true
|
|
|
|
|
- traefik.http.routers.media.tls.certresolver=letsencrypt
|
|
|
|
|
- traefik.http.services.media.loadbalancer.server.port=8080
|
|
|
|
|
- traefik.http.routers.media.service=media
|
|
|
|
|
|
|
|
|
|
# --- Redirect HTTP -> HTTPS (AUCUN @file) ---
|
|
|
|
|
- traefik.http.routers.media-redirect.rule=Host(`media.canguidev.fr`)
|
|
|
|
|
- traefik.http.routers.media-redirect.entrypoints=web
|
|
|
|
|
- traefik.http.routers.media-redirect.middlewares=redirect-to-https
|
|
|
|
|
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
|
|
|
|
|
|
|
|
|
|
# --- (facultatif) tes headers WebDAV, ils ne redirigent pas ---
|
|
|
|
|
- traefik.http.routers.shelfy.middlewares=webdav-allow-methods@docker
|
|
|
|
|
- traefik.http.middlewares.webdav-allow-methods.headers.accesscontrolallowmethods=GET,PUT,POST,DELETE,PROPFIND,OPTIONS,LOCK,UNLOCK,HEAD
|
|
|
|
|
- traefik.http.middlewares.webdav-allow-methods.headers.accesscontrolallowheaders=Authorization,Depth,Content-Type,If-Modified-Since,User-Agent,Destination,Overwrite
|
|
|
|
|
|
|
|
|
|
dns:
|
|
|
|
|
- 8.8.8.8
|
|
|
|
|
- 1.1.1.1
|
|
|
|
|
restart: unless-stopped
|
2025-08-18 17:07:50 +00:00
|
|
|
# ⚠️ Supprime la directive 'command:' ici, l'ENTRYPOINT du Dockerfile s'en charge.
|
|
|
|
|
|
|
|
|
|
fail2ban:
|
|
|
|
|
image: crazymax/fail2ban:latest
|
|
|
|
|
container_name: fail2ban
|
|
|
|
|
network_mode: host
|
|
|
|
|
cap_add:
|
|
|
|
|
- NET_ADMIN
|
|
|
|
|
- NET_RAW
|
|
|
|
|
environment:
|
|
|
|
|
- TZ=Europe/Paris
|
|
|
|
|
- F2B_LOG_TARGET=STDOUT
|
|
|
|
|
- F2B_DB_PURGE_AGE=1d
|
|
|
|
|
volumes:
|
|
|
|
|
- ./fail2ban:/data
|
|
|
|
|
- shelfy_logs:/var/log/shelfy:ro
|
|
|
|
|
restart: unless-stopped
|
2025-07-27 14:26:30 +00:00
|
|
|
|
|
|
|
|
volumes:
|
2025-07-27 15:07:57 +00:00
|
|
|
shelfy_upload:
|
2025-08-18 17:07:50 +00:00
|
|
|
shelfy_data:
|
|
|
|
|
shelfy_logs:
|
