Docker/docker-compose.yml

version: '3'

services:

  zigbee2mqtt:
    container_name: zigbee2mqtt
    networks:
      - backend
    image: koenkk/zigbee2mqtt:1.6.0
    volumes:
      - ${DIR}/zigbee2matt:/app/data
    devices:
      - /dev/ttyACM0:/dev/ttyACM0
    restart: always
    environment:
      - TZ=Europe/Stockholm

  grafana:
    image: grafana/grafana:6.4.2
    container_name: grafana
    networks:
      - backend
    volumes:
      # Data persistency
      # sudo mkdir -p /srv/docker/grafana/data; chown 472:472 /srv/docker/grafana/data
      - "${DIR}/grafana:/var/lib/grafana"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)"
      - "traefik.http.routers.grafana.entrypoints=web"
      - "traefik.http.services.grafana-service.loadbalancer.server.port=3000"

  influx:
    image: influxdb:1.7
    container_name: influxdb
    networks:
      - backend
    labels:
      - "traefik.http.routers.influx.entryPoints=port8086"
      - "traefik.http.routers.influx.rule=host(`influx.${DOMAIN}`)"
      - "traefik.http.services.influx-service.loadBalancer.server.port=8086"
    restart: always
    volumes:
      - ${DIR}/influx-data:/var/lib/influxdb
    environment:
      - INFLUXDB_DB=SOME_DB_NAME # set any other to create database on initialization
      - INFLUXDB_HTTP_ENABLED=true
      - INFLUXDB_HTTP_AUTH_ENABLED=true

      - INFLUXDB_ADMIN_USER=SECURE_USERNAME
      - INFLUXDB_ADMIN_PASSWORD=SECURE_PASS

  gitea:
    image: gitea/gitea:1.9.3
    container_name: gitea
    networks:
      - backend
    restart: always
    environment:
      - USER_UID=1000
      - USER_GID=1000
    volumes:
      - ${DIR}/gitea:/data
    ports:
      - "127.0.0.1:2222:22"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
      - "traefik.http.routers.gitea-secure.entrypoints=web-secure"
      - "traefik.http.routers.gitea-secure.rule=Host(`gitea.${DOMAIN}`)"
      - "traefik.http.routers.gitea-secure.tls.certresolver=milvert"


  whoami:
    # A container that exposes an API to show its IP address
    image: containous/whoami
    networks:
      - backend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
      - "traefik.http.routers.whoami.entrypoints=web"
      - "traefik.http.routers.whoami-secure.entrypoints=web-secure"
      - "traefik.http.routers.whoami-secure.rule=Host(`whoami.${DOMAIN}`)"
      - "traefik.http.routers.whoami-secure.tls.certresolver=milvert"

  mqtt:
    image: eclipse-mosquitto:1.6.7
    container_name: mqtt
    networks:
      - frontend
      - backend
    restart: always
    ports:
      - "1885:1883"
      - "9001:9001"
    volumes:
      #- ${DIR}/mosquitto/config:/mosquitto/config
      - ${DIR}/mosquitto/data:/mosquitto/data
      - ${DIR}/mosquitto/log:/mosquitto/log
    labels:
      - "traefik.http.routers.mqtt.rule=Host(`mqtt.${DOMAIN}`)"
      - "traefik.http.routers.mqtt.entrypoints=mqtt"
      - "traefik.http.services.mqtt-service.loadbalancer.server.port=9001"
      - "traefik.enable=true"

  node-red:
    image: nodered/node-red:latest
    container_name: "node-red"
    networks:
      - backend
    environment:
      - TZ=Europe/Stockholm
    ports:
      - "1881:1880"
    #devices:
        #- /dev/ttyAMA0
    restart: unless-stopped
    user: ${UID}
    volumes:
      - ${DIR}/nodered:/data
    labels:
      - "traefik.http.routers.node-red.rule=Host(`nodered.${DOMAIN}`)"
      - "traefik.http.routers.node-red.entrypoints=web"
      - "traefik.http.services.node-red-service.loadbalancer.server.port=1880"
      - "traefik.http.routers.node-red-secure.entrypoints=web-secure"
      - "traefik.http.routers.node-red-secure.rule=Host(`nodered.${DOMAIN}`)"
      - "traefik.http.routers.node-red-secure.tls.certresolver=milvert"
      - "traefik.enable=true"

  domoticz:
    image: linuxserver/domoticz
    container_name: domoticz
    networks:
      - backend
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Stockholm
        #- WEBROOT=domoticz #optional
    volumes:
      - ${DIR}/domoticz:/config
    ports:
      - 8081:8080
        #devices:
        #- path to device:path to device
    restart: unless-stopped
    labels:
      - "traefik.http.routers.domo.rule=Host(`domo.${DOMAIN}`)"
      - "traefik.http.routers.domo.entrypoints=web"
      - "traefik.http.services.domo-service.loadbalancer.server.port=8080"
      - "traefik.enable=true"


  reverse-proxy:
    # The official v2.0 Traefik docker image
    image: traefik:v2.0.6
    container_name: "traefik"
    networks:
      - backend
      - frontend
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./static_config.yml:/etc/traefik/static_config.yml
        #      - "./log.json:/etc/traefik/log.json"
        #- ./acme.json:/acme.json
      - ./letsencrypt:/letsencrypt
    dns:
      - 8.8.8.8

    labels:
      - "traefik.http.routers.traefik.rule=Host(`tra.${DOMAIN}`)"
      - "traefik.http.routers.traefik.middlewares=redirect@file"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik-secure.entrypoints=web-secure"
      - "traefik.http.routers.traefik-secure.rule=Host(`tra.${DOMAIN}`)"
      - "traefik.http.routers.traefik-secure.tls.certresolver=milvert"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.services.traefik-service.loadbalancer.server.port=8080"
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-secure.middlewares=test-auth"
      - "traefik.http.middlewares.test-auth.basicauth.users=simon:$$apr1$$o3vIe.DX$$3XExiBMe8rUo3HujDSYEo0"

networks:
  frontend:
    external: true
  backend:
    external: false