Implement Dockge structure with Traefik, Authelia, DuckDNS, and Gluetun VPN

- Update AI copilot instructions for /opt/stacks structure and automated config management - Replace Nginx Proxy Manager with Traefik (file-based configuration for AI) - Add Authelia for SSO with bypass rules for Jellyfin/Plex apps - Add DuckDNS for dynamic DNS with Let's Encrypt integration - Add Gluetun VPN with Surfshark (WireGuard) for secure downloads - Update all services to use /opt/stacks paths instead of local directories - Add Traefik labels to all services for automatic routing - Configure qBittorrent to route through Gluetun VPN - Update .env.example with all new required variables - Create configuration templates for Traefik and Authelia - Add comprehensive Dockge deployment guide Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
2026-01-12 00:13:55 +00:00
parent 6083da7036
commit f9a34fe9c7
13 changed files with 1082 additions and 112 deletions
--- a/config-templates/traefik/dynamic/routes.yml
+++ b/config-templates/traefik/dynamic/routes.yml
@@ -0,0 +1,31 @@
+# Traefik Dynamic Configuration
+# Copy to /opt/stacks/traefik/dynamic/routes.yml
+# Add custom routes here that aren't defined via Docker labels
+
+http:
+  routers:
+    # Example custom route
+    # custom-service:
+    #   rule: "Host(`custom.example.com`)"
+    #   entryPoints:
+    #     - websecure
+    #   middlewares:
+    #     - authelia@docker
+    #   tls:
+    #     certResolver: letsencrypt
+    #   service: custom-service
+  
+  services:
+    # Example custom service
+    # custom-service:
+    #   loadBalancer:
+    #     servers:
+    #       - url: "http://192.168.1.100:8080"
+  
+  middlewares:
+    # Additional middlewares can be defined here
+    # Example: Rate limiting
+    # rate-limit:
+    #   rateLimit:
+    #     average: 100
+    #     burst: 50
--- a/config-templates/traefik/traefik.yml
+++ b/config-templates/traefik/traefik.yml
@@ -0,0 +1,58 @@
+# Traefik Static Configuration
+# Copy to /opt/stacks/traefik/traefik.yml
+
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: false
+
+api:
+  dashboard: true
+  insecure: false  # Dashboard accessible via Traefik route with Authelia
+
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  
+  websecure:
+    address: ":443"
+    http:
+      tls:
+        certResolver: letsencrypt
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: ${ACME_EMAIL}
+      storage: /acme.json
+      # Use HTTP challenge (port 80 must be accessible)
+      httpChallenge:
+        entryPoint: web
+      # Or use DNS challenge (requires API token):
+      # dnsChallenge:
+      #   provider: duckdns
+      #   resolvers:
+      #     - "1.1.1.1:53"
+      #     - "8.8.8.8:53"
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false  # Only expose services with traefik.enable=true
+    network: traefik-network
+  
+  file:
+    directory: /dynamic
+    watch: true
+
+log:
+  level: INFO  # DEBUG, INFO, WARN, ERROR
+  filePath: /var/log/traefik/traefik.log
+
+accessLog:
+  filePath: /var/log/traefik/access.log
+  bufferingSize: 100