Fix homepage Traefik network routing and update configurations

- Add traefik.docker.network=traefik-network label to homepage service - Prevent Traefik from using wrong IP from homelab-network - Resolve 504 Gateway Timeout issues after authentication - Update various docker-compose configurations and templates - Clean up unused configuration files
2026-01-30 23:29:00 -05:00
parent 465c10ae42
commit 90a26a9ac4
88 changed files with 3841 additions and 3626 deletions
--- a/docker-compose/vpn/docker-compose.yml
+++ b/docker-compose/vpn/docker-compose.yml
@@ -37,7 +37,7 @@ services:
      - OPENVPN_USER=${SURFSHARK_USERNAME}
      - OPENVPN_PASSWORD=${SURFSHARK_PASSWORD}
      - SERVER_COUNTRIES=${VPN_SERVER_COUNTRIES}
-      - TZ=${TZ}
+      - TZ=America/New_York
    # TRAEFIK CONFIGURATION
    labels:
      # Service metadata
@@ -46,7 +46,7 @@ services:
      - "homelab.description=VPN client for secure downloads"
      - "traefik.enable=true"
      # Router configuration
-      - "traefik.http.routers.qbittorrent.rule=Host(`qbit.${DOMAIN}`)"
+      - "traefik.http.routers.qbittorrent.rule=Host(`qbit.kelinreij.duckdns.org`)"
      - "traefik.http.routers.qbittorrent.entrypoints=websecure"
      - "traefik.http.routers.qbittorrent.tls=true"
      - "traefik.http.routers.qbittorrent.middlewares=authelia@docker"
@@ -54,7 +54,7 @@ services:
      - "traefik.http.services.qbittorrent.loadbalancer.server.port=8081"
      # Sablier configuration
      - "sablier.enable=true"
-      - "sablier.group=${SERVER_HOSTNAME}-qbittorrent"
+      - "sablier.group=jasper-qbittorrent"
      - "sablier.sessionDuration=1h"

  # qBittorrent - Torrent client
@@ -77,9 +77,9 @@ services:
      - ./qbittorrent/config:/config
      - /mnt/downloads:/downloads
    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - TZ=${TZ}
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/New_York
      - WEBUI_PORT=8080
    depends_on:
      - gluetun
@@ -92,5 +92,5 @@ networks:

 x-dockge:
  urls:
-    - https://qbit.${DOMAIN}
-    - https://${SERVER_IP}:8081
+    - https://qbit.kelinreij.duckdns.org
+    - https://192.168.4.4:8081
--- a/docker-compose/vpn/docker-compose.yml.template
+++ b/docker-compose/vpn/docker-compose.yml.template
@@ -0,0 +1,96 @@
+# VPN Stack
+# VPN client and VPN-routed download clients
+# Place in /opt/stacks/vpn/docker-compose.yml
+
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
+services:
+  # Gluetun - VPN client (Surfshark)
+  # Routes download clients through VPN for security
+  # VPN service should always run to maintain secure connections
+  gluetun:
+    image: qmcgaw/gluetun:latest
+    container_name: gluetun
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    networks:
+      - homelab-network
+      - traefik-network
+    ports:
+      - "8888:8888/tcp"  # HTTP proxy
+      - "8388:8388/tcp"  # Shadowsocks
+      - "8388:8388/udp"  # Shadowsocks
+      - "8081:8080"      # qBittorrent web UI
+      - "6881:6881"      # qBittorrent
+      - "6881:6881/udp"  # qBittorrent
+    volumes:
+      - ./gluetun:/gluetun
+    environment:
+      - VPN_SERVICE_PROVIDER=surfshark
+      - VPN_TYPE=openvpn
+      - OPENVPN_USER=${SURFSHARK_USERNAME}
+      - OPENVPN_PASSWORD=${SURFSHARK_PASSWORD}
+      - SERVER_COUNTRIES=${VPN_SERVER_COUNTRIES}
+      - TZ=${TZ}
+    # TRAEFIK CONFIGURATION
+    labels:
+      # Service metadata
+      - "com.centurylinklabs.watchtower.enable=true"
+      - "homelab.category=downloaders"
+      - "homelab.description=VPN client for secure downloads"
+      - "traefik.enable=true"
+      # Router configuration
+      - "traefik.http.routers.qbittorrent.rule=Host(`qbit.${DOMAIN}`)"
+      - "traefik.http.routers.qbittorrent.entrypoints=websecure"
+      - "traefik.http.routers.qbittorrent.tls=true"
+      - "traefik.http.routers.qbittorrent.middlewares=authelia@docker"
+      # Service configuration
+      - "traefik.http.services.qbittorrent.loadbalancer.server.port=8081"
+      # Sablier configuration
+      - "sablier.enable=true"
+      - "sablier.group=${SERVER_HOSTNAME}-qbittorrent"
+      - "sablier.sessionDuration=1h"
+
+  # qBittorrent - Torrent client
+  # Routes through Gluetun VPN
+  qbittorrent:
+    image: lscr.io/linuxserver/qbittorrent:latest
+    deploy:
+      resources:
+        limits:
+          cpus: '1.0'
+          memory: 512M
+          pids: 1024
+        reservations:
+          cpus: '0.50'
+          memory: 256M
+    container_name: qbittorrent
+    restart: unless-stopped
+    network_mode: "service:gluetun"  # Routes through VPN in same compose file
+    volumes:
+      - ./qbittorrent/config:/config
+      - /mnt/downloads:/downloads
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+      - WEBUI_PORT=8080
+    depends_on:
+      - gluetun
+
+networks:
+  homelab-network:
+    external: true
+  traefik-network:
+    external: true
+
+x-dockge:
+  urls:
+    - https://qbit.${DOMAIN}
+    - https://${SERVER_IP}:8081