Issue: Option 3 deployment failed because traefik-network wasn't created,
but the cleanup function didn't properly strip network references from files.
Changes:
- scripts/ez-homelab.sh: Add traefik-network creation in Step 2
(Network is harmless if unused - prevents docker compose errors)
- Improve sed patterns in configure_remote_server_routing():
* Use anchored patterns (^ and $) to match exact lines
* Fix network removal regex to match indentation correctly
The traefik-network will exist but remain unused on additional servers.
Services are accessed via core Traefik's manual HTTP routes.
- Add ports 80/443 to remote Traefik template
- Enable API access (insecure=true) for debugging
- Update configure_remote_server_routing to use HTTP-only config
- Change entrypoint from websecure to web
- Remove TLS cert resolver references
- Remove authelia middleware references
- Replace Docker TLS provider with manual HTTP routes
- Core Traefik now uses file provider with direct URLs
- Fixes 404/gateway timeout errors on remote services
- Routes HTTPS from core to HTTP on remote servers
- Fix port in routes (dozzle uses 8085, not 8082)
Resolves issues with remote server service accessibility.
Major features:
- Automated SSH key setup between remote and core servers
- Docker TLS configuration with shared CA certificates
- Automatic deployment of Dockge, Traefik, Sablier, and Infrastructure stacks
- Copy all stacks (except core) to remote server for on-demand deployment
- New standalone Traefik stack for remote server container discovery
- Locale-aware SSH/SCP commands to handle Raspberry Pi warnings
- Variable expansion support in .env files (${VAR} references)
- Comprehensive error handling and verbose deployment logging
Technical improvements:
- setup_ssh_key_to_core() - Automated RSA 4096-bit key generation and installation
- setup_multi_server_tls() - Fetch shared CA from core server via SSH
- copy_all_stacks_for_remote() - Deploy all stacks except core
- deploy_traefik_stack() - Local Traefik for container discovery
- Enhanced localization with envsubst support
- Docker network creation (traefik-network, homelab-network)
- Password authentication with special character handling
Fixes:
- Fixed SSH key path handling for non-root users
- Fixed SCP exit code checking (was checking grep instead of scp)
- Fixed CA file detection with proper test commands
- Removed unnecessary prepare_deployment() function call
- Added ACTUAL_USER variable initialization for remote deployments
Introduce multi-server architecture documentation and reorganize README content. Top-level README now documents Core vs Remote server roles, links to local docs instead of wiki pages, and highlights Traefik/Sablier multi-server behavior. docker-compose/README.md was rewritten to be a template-style reference with single- and multi-server deployment guidance, Traefik label examples, and sablier usage; dockge README was moved into docker-compose/dockge/. docker-compose/core/README.md was updated to describe core responsibilities, shared CA artifacts, and startup order for multi-server deployments. Several obsolete/duplicated docs and action reports were removed and a new multi-server deployment doc was added to centralize on-demand/remote service guidance. Overall this cleans up legacy docs and documents the multi-server workflow and TLS/shared-CA requirements.
- Replace hardcoded password in code-server config with ${CODE_SERVER_PASSWORD}
- Replace domain kelin-hass.duckdns.org with yourdomain.duckdns.org in docs
- Replace domain kelinreij.duckdns.org with yourdomain.duckdns.org in homepage config
- Replace personal emails with example addresses
- Replace DuckDNS token and credentials in markup.yml with placeholders
- Replace Let's Encrypt account numbers with placeholders
Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
- Changed Dozzle service port from 8085 to 8080 (correct port)
- Removed authelia config template files (no longer needed)
- Removed db.sqlite3 runtime data file
- Move users_database.yml template from config/ to secrets/ folder
- Authelia configuration expects users file at /secrets/users_database.yml
- Replace hardcoded values in configuration.yml with variables:
- jwt_secret, session secret, storage encryption_key
- Domain references (kelinreij.duckdns.org → ${DOMAIN})
- Update deploy script to not move config files (already in subdirectories)
- Fix sed command path to target config/configuration.yml
- Remove unnecessary mkdir and mv commands from deploy_core()
This ensures Authelia uses the correctly generated file with user credentials.
- Replace hardcoded placeholders with Docker Compose variables
- docker-compose.yml: Use ${DUCKDNS_SUBDOMAINS}, ${DUCKDNS_TOKEN}, ${DOMAIN}, ${SERVER_IP}
- traefik.yml: Use ${DEFAULT_EMAIL} for ACME email
- users_database.yml: Use ${AUTHELIA_ADMIN_USER}, ${AUTHELIA_ADMIN_EMAIL}, ${AUTHELIA_ADMIN_PASSWORD_HASH}
- sablier/docker-compose.yml: Fix to use ${DOMAIN} instead of {{DUCKDNS_DOMAIN}}
This aligns with the correct strategy:
- Docker-compose files use variables (${VAR})
- .env files use placeholders or actual values
- Implement multi-server Traefik + Sablier architecture
- Add label-based automatic service discovery
- Create separate Sablier stack deployment
- Add remote server deployment workflow (Option 3)
- Add 9 new functions for multi-server management
- Remove deprecated config-templates folder
- Replace hardcoded private data with placeholders
- Update backup timestamp format to YY_MM_DD_hh_mm
- Add markup.yml to .gitignore
Breaking changes:
- Removed Sablier from core docker-compose.yml (now separate stack)
- Config templates moved from config-templates/ to docker-compose/core/
- REQUIRED_VARS now dynamic based on deployment type
- Update localize_users_database_file to properly resolve nested variables in AUTHELIA_ADMIN_EMAIL
- Fix template to use correct AUTHELIA_* variables instead of DEFAULT_* variables
- Update deploy-core.sh to only process files containing variables and fix .env path
- Fix file permissions for authelia config files
- Reorganize Authelia configuration files
- Add new dynamic routing files for Traefik
- Update various service docker-compose files
- Remove outdated templates and scripts
- Add traefik.docker.network=traefik-network label to all local services with traefik.enable=true
- Ensures consistent network selection for Traefik IP discovery
- Prevents routing conflicts when services are on multiple networks
- Updated 12 docker-compose files with 32+ service labels
- Maintains dual network access (homelab-network + traefik-network) for web UIs
- Add traefik.docker.network=traefik-network label to homepage service
- Prevent Traefik from using wrong IP from homelab-network
- Resolve 504 Gateway Timeout issues after authentication
- Update various docker-compose configurations and templates
- Clean up unused configuration files
- Change sablier volumes to use ./shared-ca:/certs:ro (matches script generation)
- Fix x-dockge URLs to use http:// for local access and correct variable syntax
- Ensure consistency with local working setup
- Generate shared CA during core deployment for consistent trust across servers
- Modify setup_docker_tls() to use shared CA instead of per-server CAs
- Update share_certs_with_core() to copy shared CA from core server
- Re-enable TLS verification (DOCKER_TLS_VERIFY=1) in Sablier
- Fix Sablier certificate mounting for proper TLS connection
- Add docker-tls/ to .gitignore to prevent certificate leaks
- Update documentation for shared CA approach
- Rename transcoders/docker-compose.yaml to .yml
- Rename wikis/docker-compose.yaml to .yml
- Maintains consistency with other docker-compose files in the project
Standardizes file extensions across all Docker Compose configurations.
- Add Sablier middleware configuration to Jupyter in productivity stack
- Update .gitignore to properly ignore service data files
- Ignore database files, logs, settings.json, and key files
Jupyter now supports on-demand startup via Sablier middleware.
- Add Sablier middleware to all 32 services across stacks
- Update vaultwarden port from 80 to 8091 to avoid conflicts
- Add tdarr-server and unmanic services with lazy loading
- Optimize health checks (wget for some services, dozzle built-in)
- Update Traefik routers and service definitions
- Update port documentation
All services now support on-demand startup via Sablier middleware.
- Add health checks to all services using Sablier lazy loading
- Utilities stack: Backrest, Duplicati, Form.io, Vaultwarden
- Productivity stack: Nextcloud, WordPress, Gitea, BookStack, MediaWiki
- Media Management stack: Sonarr, Radarr, Prowlarr, Jellyseerr
- Infrastructure stack: Dozzle, Glances, Code Server
- Dashboards stack: Homarr
- Health checks use curl to service endpoints with 30s intervals
- Appropriate start_period delays for service initialization
- This resolves Sablier warnings about missing health checks
- Change MediaWiki from port 8084 to 8086 to resolve conflict with TasmoAdmin
- Update Traefik loadbalancer port for MediaWiki
- Add MediaWiki to ports-in-use.md documentation
- TasmoAdmin now uses port 8084, MediaWiki uses port 8086
- Resolve port conflicts: TasmoAdmin (8084), Form.io (3002), Gitea (3010)
- Add missing Authelia SSO and Sablier lazy loading to utilities stack
- Standardize Form.io labels to match TRAEFIK CONFIGURATION guidelines
- Reorganize ports-in-use.md with stack-based table and proper column order
- Remove Dokuwiki deployment from ez-homelab.sh (already in productivity stack)
- Update service restart policies for lazy loading compatibility
- Remove authelia middleware from Vaultwarden (Bitwarden) for app compatibility
- Simplify all compose files to use only homelab-network and traefik-network
- Remove unnecessary isolated networks (nextcloud-network, wordpress-network, etc.)
- Remove monitoring-network, formio-network, and media-network
- All services now communicate through the unified homelab-network
- Maintain traefik-network for proxied services only
- Uncomment Authelia middleware for Vaultwarden (was disabled for app compatibility but should use SSO by default)
- Verify all other services have Authelia middleware except:
- Jellyfin (media app access)
- Plex (media app access)
- Authelia itself (authentication service)
- All x-dockge sections are properly formatted with urls list
- Replace all ${VARIABLE:-default} with ${VARIABLE} in compose files
- Ensure explicit variable requirements without default values
- Updated 10 docker-compose.yml files across all stacks
- Made reset-ondemand-services.sh executable
- Changed Nextcloud port from 80 to 8099
- Changed Mealie port from 9000 to 9001
- Changed WordPress port from 80 to 8089
- Changed Gitea port from 3000 to 3011
- Changed DokuWiki port from 80 to 8088
- Changed BookStack port from 80 to 6876
- Updated all corresponding Traefik loadbalancer ports
- Resolved conflicts with external host services in external-host-production.yml
- Changed all Sablier groups to ${SERVER_HOSTNAME}-arr for coordinated lazy loading
- Moved x-dockge URLs to top-level section with urls list format
- Added both HTTPS and localhost URLs for service discovery
- Updated guidelines and instructions to reflect new x-dockge format
- Update remaining 6 services (mealie, wordpress, gitea, dokuwiki, bookstack, mediawiki) to new format
- Enable authelia middleware for mealie and wordpress (previously disabled)
- Ensure all services except Jellyfin have authelia@docker protection
- Maintain consistent label structure with service metadata, router config, and Sablier settings
- Update infrastructure services (dozzle, glances, code-server) to new format
- Update dashboards (homarr) to new format
- Update utilities (backrest, duplicati) to new format
- Update productivity (nextcloud) to new format
- Add authelia middleware to all services except Jellyfin
- Ensure consistent label structure across all stacks
- Change ${SERVER_HOSTNAME:-debian} to ${SERVER_HOSTNAME} in Sablier groups
- Prevents empty default values that were causing configuration errors
- Applied to dashboards, infrastructure, media, productivity, and utilities stacks
- Remove port mapping from dockerproxy service
- Docker daemon already provides TCP API access on port 2375
- dockerproxy runs for security but doesn't expose conflicting port
- Resolves 'port already allocated' error during deployment
- Add consistent # TRAEFIK CONFIGURATION headers to all services
- Standardize label structure with service metadata, router config, and Sablier settings
- Update dockerproxy and sablier-service with Docker API requirements documentation
- Fix YAML validation issues in productivity stack
- Ensure all stacks have uniform labeling for easy management
Resolves Docker API connectivity issues for Sablier lazy loading
- Updated readarr, lidarr, lazylibrarian, mylar3, jellyseerr, tdarr-server, unmanic
- Applied consistent TRAEFIK CONFIGURATION headers and comments
- Removed duplicate x-dockge.url labels from jellyseerr
- All media services now use standardized label format matching other stacks
- Updated remaining homeassistant services (tasmoadmin, motioneye, nodered)
- All compose files now use standardized TRAEFIK CONFIGURATION headers
- Consistent label formatting with service metadata and Traefik configuration
- Maintained service-specific requirements (host networking, disabled SSO, etc.)
- Repository cleanup complete with all stacks updated to match dashboards template
- Removed docker-compose/productivity/nextcloud/html/ directory containing Nextcloud app files
- Added exclusion for Nextcloud html directory in .gitignore
- Nextcloud should install its files via Docker volume mounts, not be committed to repo
