44 lines
1.4 KiB
YAML
44 lines
1.4 KiB
YAML
services:
|
|
adguardhome:
|
|
image: ${ADGUARD_IMAGE}
|
|
container_name: adguardhome
|
|
restart: unless-stopped
|
|
|
|
volumes:
|
|
- ${ADGUARD_WORK_PATH}:/opt/adguardhome/work:Z
|
|
- ${ADGUARD_CONF_PATH}:/opt/adguardhome/conf:Z
|
|
- ${ADGUARD_CERT_CRT_PATH}:/certs/adguard.crt:ro,Z
|
|
- ${ADGUARD_CERT_KEY_PATH}:/certs/adguard.key:ro,Z
|
|
|
|
# Solo DNS/DoT expuestos en el host
|
|
ports:
|
|
# - "53:53/tcp"
|
|
# - "53:53/udp"
|
|
- "${ADGUARD_DOT_PORT}:853/tcp" # DoT para Android (DNS privado)
|
|
# - "81:80/tcp"
|
|
|
|
networks:
|
|
proxy:
|
|
ipv4_address: ${ADGUARD_IPV4}
|
|
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK}"
|
|
|
|
# Router HTTPS para el panel web
|
|
traefik.http.routers.adguard.rule: "Host(`${ADGUARD_DOMAIN}`)"
|
|
traefik.http.routers.adguard.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
|
|
traefik.http.routers.adguard.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
|
|
|
|
# Panel interno de AdGuard (HTTP en el contenedor)
|
|
# OJO: si es la primera vez y el panel escucha en 3000, cambia a 3000
|
|
traefik.http.services.adguard.loadbalancer.server.port: "${ADGUARD_HTTP_PORT}"
|
|
|
|
# Proteger el panel con Authentik (middleware definido en authentik-server)
|
|
traefik.http.routers.adguard.middlewares: "${TRAEFIK_AUTH_MIDDLEWARE}"
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
|