Authelia DuckDNS & Traefik based Arcane Registry

Approach

Authelia provides single sign-on authentication
DuckDNS provides free subdomain redirects and Let's Encrypt certificates (domain and wildcard)

Traefik routes based on labels for services running on the same server
Traefik routes based on remote-host.yaml files for services NOT running on the same server.

Each docker-compose.yml & .env file template includes templated labels to easily configure traefik routing.

Tip: Create the following variables in .env.global

  • TZ=America/New_York
  • PUID=1000
  • PGID=1000
  • SERVER_NAME=
  • SERVER_IP=
  • SUBDOMAIN=

Then you can simply remove them from the .env file instead of filling in the values every time.

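To disable Authelia for a specific site (like Jellyfin), comment out this line in the compose file: - ${AUTHELIA_LABEL}. Traefik then routes to that service without the Authelia middleware, so the service's own login is the only access control on that hostname.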
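To see which routers end up without the Authelia middleware after that label is commented out, the check below walks a stack's rendered labels. It is an added example, not part of this repository; the stack names and hostnames are constructed, and it assumes Traefik only routes containers that set traefik.enable=true, as the template does.

```python
import re

ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")

def routers_without(labels, middleware="authelia@docker"):
    """List routers that have a rule but do not chain the given middleware."""
    # labels: "key=value" strings as compose renders them from the .env file
    pairs = dict(l.split("=", 1) for l in labels if "=" in l)
    if pairs.get("traefik.enable") != "true":
        return []  # assumption: Traefik only routes containers that opt in
    routers = {}
    for key, value in pairs.items():
        m = ROUTER_KEY.match(key)
        if m:
            routers.setdefault(m.group(1), {})[m.group(2)] = value
    return sorted(
        name for name, opts in routers.items()
        if "rule" in opts
        and middleware not in [x.strip() for x in opts.get("middlewares", "").split(",")]
    )

# Constructed label sets: the template's labels with and without ${AUTHELIA_LABEL}.
STACKS = {
    "dozzle": [
        "traefik.enable=true",
        "traefik.http.routers.dozzle.rule=Host(`dozzle.example.duckdns.org`)",
        "traefik.http.routers.dozzle.entrypoints=websecure",
        "traefik.http.routers.dozzle.tls.certresolver=letsencrypt",
        "traefik.http.routers.dozzle.middlewares=authelia@docker",
    ],
    "jellyfin": [
        "traefik.enable=true",
        "traefik.http.routers.jellyfin.rule=Host(`jellyfin.example.duckdns.org`)",
        "traefik.http.routers.jellyfin.entrypoints=websecure",
        "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt",
    ],
}

def audit(stacks):
    """Map each stack name to its routers that skip Authelia (empty ones omitted)."""
    found = {name: routers_without(labels) for name, labels in stacks.items()}
    return {name: r for name, r in found.items() if r}

if __name__ == "__main__":
    print(audit(STACKS))
```

Every name it reports should match a service you deliberately left outside single sign-on.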

Deploying a new server? Start with the core stack

Compose file template

services:
  SERVICE_NAME:
    image: 
    container_name: 
    restart: unless-stopped
    networks:
      - homelab-network
      - traefik-network
    ports:
      - ${EXTERNAL_PORT}:${INTERNAL_PORT}
    volumes:
      - ./data:/data
      - ./config:/config
    environment:
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
    healthcheck:
      test: ['CMD', 'wget', '--quiet', '--tries=1', '--spider', 'http://localhost:${INTERNAL_PORT}/']
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    labels:
      - com.getarcaneapp.arcane.icon=${ICON_URL}
      - ${HOST_LABEL}
      - ${LOADBALANCER_LABEL}
      - ${WATCHTOWER_ENABLE_LABEL}
      - ${TRAEFIK_ENABLE_LABEL}
      - ${TRAEFIK_NETWORK_LABEL}
      - ${ENTRYPOINT_LABEL}
      - ${CERT_LABEL}
      - ${AUTHELIA_LABEL}
 
networks:
  homelab-network:
    external: true
  traefik-network:
    external: true

x-dockge:
  urls:
    - https://${PROXY_URL}
    - ${LOCAL_URL}

x-arcane:
  icon: ${ICON_URL}
  urls:
    - https://${PROXY_URL}
    - ${LOCAL_URL}

.env template

# #######################################################
# Templating variables, not used by compose file directly
SERVER_NAME=
SERVER_IP=
SUBDOMAIN=
SERVICE_NAME=
ICON_URL=https://cdn.jsdelivr.net/gh/selfhst/icons@main/svg/${SERVICE_NAME}.svg

# Include Server Name in Proxy URL? Choose one.

# PROXY_URL=${SERVICE_NAME}.${SERVER_NAME}.${SUBDOMAIN}.duckdns.org
PROXY_URL=${SERVICE_NAME}.${SUBDOMAIN}.duckdns.org


# #############################################################################
# Compose file variables

TZ=America/New_York
PUID=1000
PGID=1000

CONTAINER_NAME=${SERVICE_NAME}
INTERNAL_PORT=8081
EXTERNAL_PORT=8099
LOCAL_URL=http://${SERVER_IP}:${EXTERNAL_PORT}


# #############################################################
# Container Labels

# DO NOT enclose label values in single quotes
# If the value needs to include single quotes use backticks instead

# For example HOST_LABEL=traefik.http.routers.${SERVICE_NAME}.rule=Host(`${PROXY_URL}`)
# Notice the use of backticks instead of single quotes around ${PROXY_URL}

TRAEFIK_ENABLE_LABEL=traefik.enable=true
HOST_LABEL=traefik.http.routers.${SERVICE_NAME}.rule=Host(`${PROXY_URL}`)
ICON_LABEL=com.getarcaneapp.arcane.icon=${ICON_URL}
LOADBALANCER_LABEL=traefik.http.services.${SERVICE_NAME}.loadbalancer.server.port=${INTERNAL_PORT}

TRAEFIK_NETWORK_LABEL=traefik.docker.network=traefik-network
ENTRYPOINT_LABEL=traefik.http.routers.${SERVICE_NAME}.entrypoints=websecure
CERT_LABEL=traefik.http.routers.${SERVICE_NAME}.tls.certresolver=letsencrypt

AUTHELIA_LABEL=traefik.http.routers.${SERVICE_NAME}.middlewares=authelia@docker
WATCHTOWER_ENABLE_LABEL=com.centurylinklabs.watchtower.enable=true

Traefik remote server yaml files

When Traefik is on a different server

  • labels in compose files are ignored (remove to avoid confusion)

  • The routers and services must be included in a yaml file under traefik/dynamic

VARIABLES MUST BE REPLACED BY THE ACTUAL VALUES - The files in traefik/dynamic do NOT have access to the env variables
Tip: Use find/replace in your text editor

http:
  routers:

    ${SERVICE_NAME}-${SERVER_NAME}:
      rule: "Host(`${SERVICE_NAME}.${DOMAIN}`)"
      service: ${SERVICE_NAME}-${SERVER_NAME}-service
      entrypoints:
        - websecure
      tls:
        certResolver: letsencrypt
      middlewares:
        - authelia@docker


  services:

    ${SERVICE_NAME}-${SERVER_NAME}-service:
      loadBalancer:
        servers:
          - url: "http://${SERVER_IP}:${EXTERNAL_PORT}"
        passHostHeader: true

Filename doesn't technically matter, but it is recommended to either

  • create a file for each service named like service-server_name-remote-host.yaml

  • OR Create a single file per server like server_name-remote-host.yaml
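Because files in traefik/dynamic never see the .env variables, a forgotten ${...} ends up in the router rule or backend URL as literal text. The script below is an added example, not part of this repository: it fills the remote-host template from .env-style values and refuses to produce output while any variable is undefined or empty. The sample values are constructed, and DOMAIN is an assumed variable that the .env template above does not define.

```python
import re

PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")

# Constructed values; DOMAIN is assumed here, the page's .env template does not define it.
SAMPLE_ENV = """\
SERVER_NAME=nas
SERVER_IP=192.0.2.10
SUBDOMAIN=example
SERVICE_NAME=dozzle
DOMAIN=${SUBDOMAIN}.duckdns.org
EXTERNAL_PORT=8099
"""

# The page's remote-host template, cut down to the router rule and backend URL.
TEMPLATE = """\
http:
  routers:
    ${SERVICE_NAME}-${SERVER_NAME}:
      rule: "Host(`${SERVICE_NAME}.${DOMAIN}`)"
      service: ${SERVICE_NAME}-${SERVER_NAME}-service
      middlewares:
        - authelia@docker
  services:
    ${SERVICE_NAME}-${SERVER_NAME}-service:
      loadBalancer:
        servers:
          - url: "http://${SERVER_IP}:${EXTERNAL_PORT}"
"""

def parse_env(text):
    """Read KEY=VALUE lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def render(template, env_text):
    """Substitute ${VAR}; raise if any variable is undefined or empty."""
    env, out = parse_env(env_text), template
    for _ in range(10):  # repeat so values that reference other variables resolve
        new = PLACEHOLDER.sub(lambda m: env.get(m.group(1)) or m.group(0), out)
        if new == out:
            break
        out = new
    missing = sorted(set(PLACEHOLDER.findall(out)))
    if missing:
        raise ValueError("unresolved variables: " + ", ".join(missing))
    return out

if __name__ == "__main__":
    print(render(TEMPLATE, SAMPLE_ENV))
```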

Docker Compose Templates

  • Core

    • Authelia
    • DuckDNS (no webui)
    • Traefik
  • Backrest

  • Bookstack

  • Calibre-web

  • Docker-proxy (no webui)

  • Dokuwiki

  • Dozzle

  • Gitea

  • Glances

  • Homarr

  • Homepage

  • Jupyter

  • Mealie (No Authelia middleware)

  • Sablier (no webui)

  • Vaultwarden (No Authelia middleware)

  • Watchtower (no webui)
