docker-compose.servers.yaml

#-------------------------------------------------------------
# Docker compose related to servers
#-------------------------------------------------------------
version: '3.8'

services:
  # Nginx Proxy Manager
  # Nice and simple Nginx UI for managing reverse proxy
  nginx:
    profiles:
      - donotstart #do not start service
    container_name: nginx
    image: jc21/nginx-proxy-manager:latest
    restart: unless-stopped
    ports:
      - 80:80 # HTTP port
      - 443:443 # HTTPS port
      - 8081:81 # Admin Paner port
    environment:
      DB_MYSQL_HOST: ${MYSQL_HOST}
      DB_MYSQL_PORT: ${MYSQL_PORT}
      DB_MYSQL_USER: ${MYSQL_USER}
      DB_MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      DB_MYSQL_NAME: 'nginxproxymanager'
    volumes:
      - ${SELF_HOME_DIR}/nginx-proxy-manager/data:/data
      - ${SELF_HOME_DIR}/nginx-proxy-manager/letsencrypt:/etc/letsencrypt
      - ${SELF_HOME_DIR}/nginx-proxy-manager/log:/var/log
    depends_on:
      - db

  # WireGuard Easy
  # WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography
  # Be sure to forward UDP port 51820 from your router.
  wg-easy:
    profiles:
        - donotstart #do not start service
    container_name: wg-easy
    image: weejewel/wg-easy
    restart: unless-stopped
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - "${SELF_HOME_DIR}/wireguard:/etc/wireguard"
    env_file:
      - .env
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.wireguard-rtr.entrypoints=https"
      - "traefik.http.routers.wireguard-rtr.rule=HostHeader(`WG_HOST`)"
      - "traefik.http.routers.wireguard-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.wireguard-rtr.middlewares=chain-authelia@file"
      ## HTTP Services
      - "traefik.http.routers.wireguard-rtr.service=wireguard-svc"
      - "traefik.http.services.wireguard-svc.loadbalancer.server.port=51821"
      ## UDP
      - "traefik.udp.routers.wireguard-udp.entrypoints=wireguard"
      - "traefik.udp.routers.wireguard-udp.service=wireguard-udp-svc"
      - "traefik.udp.services.wireguard-udp-svc.loadbalancer.server.port=51820"

  # AdGuard Home
  # Free and open source, powerful network-wide ads & trackers blocking DNS server.
  adguardhome:
    profiles:
      - donotstart #do not start service
    container_name: adguardhome
    image: adguard/adguardhome
    restart: unless-stopped
    ports:
      - "53:53/tcp" #plain DNS
      - "53:53/udp" #plain DNS
      - "67:67/udp" #AdGuard Home as a DHCP server
      - "69:68/udp" #AdGuard Home as a DHCP server
      - "69:68/tcp" #AdGuard Home as a DHCP server
      - "3080:80/tcp" #AdGuard Home's admin panel as well as run AdGuard Home as an HTTPS/DNS-over-HTTPS server.
      - "3443:443/tcp" #AdGuard Home's admin panel as well as run AdGuard Home as an HTTPS/DNS-over-HTTPS server.
      - "3443:443/udp" #AdGuard Home's admin panel as well as run AdGuard Home as an HTTPS/DNS-over-HTTPS server.
      - "3001:3000/tcp" #AdGuard Home's admin panel as well as run AdGuard Home as an HTTPS/DNS-over-HTTPS server.
      - "853:853/tcp" #AdGuard Home as a DNS-over-TLS server.
      - "8853:8853/udp" #AdGuard Home as a DNS-over-QUIC server
      - "5443:5443/tcp" #AdGuard Home as a DNSCrypt server
      - "5443:5443/udp" #AdGuard Home as a DNSCrypt server
    volumes:
      - "${SELF_HOME_DIR}/adguardhome/work:/opt/adguardhome/work"
      - "${SELF_HOME_DIR}/adguardhome/conf:/opt/adguardhome/conf"
    env_file:
      - .env
    networks:
      - agh_net

networks:
  agh_net:
    driver: bridge