diff --git a/trilium/docker-compose.yml b/trilium/docker-compose.yml
new file mode 100644
index 0000000..864c9d3
--- /dev/null
+++ b/trilium/docker-compose.yml
@@ -0,0 +1,45 @@
+services:
+ trilium:
+ image: ${TRILIUM_IMAGE}
+ container_name: trilium
+ restart: unless-stopped
+ hostname: ${TRILIUM_HOSTNAME}
+
+ environment:
+ TZ: ${TZ}
+
+ volumes:
+ - ${TRILIUM_DATA_PATH}:/home/node/trilium-data:Z
+
+ expose:
+ - "${TRILIUM_HTTP_PORT}"
+
+ networks:
+ - proxy
+
+ labels:
+ traefik.enable: "true"
+ traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK}"
+
+ # Router HTTPS (dos dominios vĂ¡lidos, usando OR)
+ traefik.http.routers.trilium.rule: "Host(`${TRILIUM_DOMAIN_1}`) || Host(`${TRILIUM_DOMAIN_2}`)"
+ traefik.http.routers.trilium.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
+ traefik.http.routers.trilium.tls: "true"
+ traefik.http.routers.trilium.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
+
+ # Servicio interno
+ traefik.http.services.trilium.loadbalancer.server.port: "${TRILIUM_HTTP_PORT}"
+
+ # Middleware solo de headers (sin Authentik)
+ traefik.http.routers.trilium.middlewares: "trilium-sec@docker"
+
+ traefik.http.middlewares.trilium-sec.headers.stsSeconds: "31536000"
+ traefik.http.middlewares.trilium-sec.headers.stsIncludeSubdomains: "true"
+ traefik.http.middlewares.trilium-sec.headers.stsPreload: "true"
+ traefik.http.middlewares.trilium-sec.headers.contentTypeNosniff: "true"
+ traefik.http.middlewares.trilium-sec.headers.frameDeny: "true"
+
+networks:
+ proxy:
+ external: true
+
diff --git a/trilium/stack.env b/trilium/stack.env
new file mode 100644
index 0000000..849433e
--- /dev/null
+++ b/trilium/stack.env
@@ -0,0 +1,14 @@
+##### Trilium Next #####
+TRILIUM_IMAGE=
+TRILIUM_HOSTNAME=
+TZ=
+TRILIUM_DATA_PATH=
+TRILIUM_HTTP_PORT=
+
+##### Traefik / dominios #####
+TRAEFIK_DOCKER_NETWORK=
+TRAEFIK_ENTRYPOINT_SECURE=
+TRAEFIK_CERTRESOLVER=
+TRILIUM_DOMAIN_1=
+TRILIUM_DOMAIN_2=
+
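Review bot: The `traefik.docker.network` label takes its value from `${TRAEFIK_DOCKER_NETWORK}`, but the service joins the external network keyed `proxy`, which has no `name:` and therefore resolves to the literal network `proxy`; if the variable holds anything else, Traefik is pointed at a network the container is not attached to. Adding `name: ${TRAEFIK_DOCKER_NETWORK}` under `networks.proxy` keeps the two in step. The interpolated values are also unchecked: an empty `TRILIUM_DOMAIN_2` leaves the second `Host(...)` matcher with an empty name and an empty `TRILIUM_DATA_PATH` leaves the bind mount without a host path, so the required form, e.g. `${TRILIUM_DOMAIN_1:?set in stack.env}`, is safer for each of them. Since the router carries only the header middleware (the comment says without Authentik), Trilium's own login is the sole access control on both hosts; that is worth stating in the comment above the `middlewares` label, and `security_opt: ["no-new-privileges:true"]` on the service would be a cheap hardening step for a container that is reachable this way.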
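Review bot: `TRILIUM_IMAGE=` is left blank with no hint of the expected form, so whoever fills it in may reach for a floating tag; a comment above it such as `# Full image reference, pinned to a release tag or digest` would make the expectation explicit. The same goes for `TRAEFIK_DOCKER_NETWORK`, which has to name the external network the compose file joins (keyed `proxy` there), and for `TRILIUM_DATA_PATH`, which is mounted with `:Z` and so should be a directory dedicated to this container rather than a shared or system path.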