trilium

2025-12-03 14:51:13 +00:00
parent 2045bda9b5
commit 1a2c6c236a
2 changed files with 59 additions and 0 deletions
--- a/trilium/docker-compose.yml
+++ b/trilium/docker-compose.yml
@@ -0,0 +1,45 @@
+services:
+  trilium:
+    image: ${TRILIUM_IMAGE}
+    container_name: trilium
+    restart: unless-stopped
+    hostname: ${TRILIUM_HOSTNAME}
+
+    environment:
+      TZ: ${TZ}
+
+    volumes:
+      - ${TRILIUM_DATA_PATH}:/home/node/trilium-data:Z
+
+    expose:
+      - "${TRILIUM_HTTP_PORT}"
+
+    networks:
+      - proxy
+
+    labels:
+      traefik.enable: "true"
+      traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK}"
+    
+      # Router HTTPS (dos dominios válidos, usando OR)
+      traefik.http.routers.trilium.rule: "Host(`${TRILIUM_DOMAIN_1}`) || Host(`${TRILIUM_DOMAIN_2}`)"
+      traefik.http.routers.trilium.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
+      traefik.http.routers.trilium.tls: "true"
+      traefik.http.routers.trilium.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
+    
+      # Servicio interno
+      traefik.http.services.trilium.loadbalancer.server.port: "${TRILIUM_HTTP_PORT}"
+    
+      # Middleware solo de headers (sin Authentik)
+      traefik.http.routers.trilium.middlewares: "trilium-sec@docker"
+    
+      traefik.http.middlewares.trilium-sec.headers.stsSeconds: "31536000"
+      traefik.http.middlewares.trilium-sec.headers.stsIncludeSubdomains: "true"
+      traefik.http.middlewares.trilium-sec.headers.stsPreload: "true"
+      traefik.http.middlewares.trilium-sec.headers.contentTypeNosniff: "true"
+      traefik.http.middlewares.trilium-sec.headers.frameDeny: "true"
+
+networks:
+  proxy:
+    external: true
+