Template

This guide will show you how to use my template Docker Compose file to quickly deploy services.

Having followed my previous guides, you should have a basic understanding of how to deploy services with Docker Compose. This section will focus on using my template compose.yaml.

What is it for?

The "template" makes use of a Docker Compose project and its include feature to allow you to easily use and maintain a large number of services.

Each individual app has its own compose.yaml file, which will usually have its own .env file for configuration, and then the main compose.yaml file includes all of them.

The .env files handle most of the configuration for the services, which means you usually don't have to ever edit the compose.yaml file itself, just the documented .env files.

This means that when using the compose project, it counts as one single file with all the services in it. This makes it easy to reference other containers, and not having to deal with multiple networks, etc.

This compose.yaml uses Traefik as a reverse proxy to route traffic to the correct service. All our services are put behind Traefik, which allows us to access all services on the same port (80/443) and Traefik will route the traffic to the correct service. This means that port 80 and 443 are the only ports that need to be open on your server.

We use Authelia as an authentication service, which allows us to protect our services. Authelia is not applied to every single service, but only to the ones that require authentication. This is done through Traefik labels. I will discuss how to add Authelia to a service later on.

A quick summary of what is included in this template is:

• Default server management services
• Stremio related services
• Debrid media server services
• Seanime
• Minecraft server
• Plausible analytics
• Vaultwarden
• SearXNG
• Zipline

What is the full list of services that are available in the template?

Traefik is included as our reverse proxy. It is used to route traffic to the correct service. It means that you can access all services on the same port (80/443) and Traefik will route the traffic to the correct service. It also allows for automatic SSL certificate generation using Let's Encrypt, which is required for Stremio addons as Stremio requires HTTPS to install addons.

Authelia is included for authentication.

To help with managing the server, the following services are included:

• Dozzle - A simple real time log viewer for docker containers with a web based UI.
• Watchtower - Automatically update your Docker containers to the latest version.
• Uptime Kuma - A self-hosted monitoring tool for your services.
  • This is useful for monitoring the status of your services and receiving alerts. You do have to set up your services manually, but this can be done through the web interface.
• Dash. - A simple dashboard to monitor your server.
• Honey - Beautiful, customisable, startpage for your server to access all your services.
• Flame - A simple startpage, requiring minimal setup, for your server.

I have provided 2 startpages, Honey and Flame. You can choose which one you want to use. You can also use both if you want. The reason being that Honey requires a bit more setup, as you need to edit honey's config.json file and replace the urls with your own. I have provided my template which has all the images, so its not too hard to do. Flame is a bit more simple and requires no setup. But, it also has no images and you would have to provide that yourself for each service. Honey, IMO, looks far better.

Stremio Addons and Utilities

• AIOStreams
• AIOStremio
• Comet
• MediaFusion
• StremThru
• Stremio-Jackett
• Jackettio
• EasyNews+
• MediaFlow Proxy
• Catalog Providers
• TMDB Addon
• Stremio Trakt Addon
• Stremio Catalog Addon
• OMG TV Stremio Addon
• Stremio Server
  • This is the official Stremio server docker image. This handles the downloading and transcoding of streams. This is useful if you use Stremio on devices that don't have a server bundled with it, like on iOS on Stremio Web. It will allow you to stream torrents on those devices. Debrid streams may not be transcoded on all clients, however.
• Addon Manager

Debrid Media Server

danger

These services require a lot of work to set up, and documentation for it is not finished yet, I suggest only using this template as a reference

• Wests Scripts
  • Includes blackhole, repair, plex requests, plex watchlist.
• Radarr
• Sonarr
• AutoSync
• Recyclarr
• Plex
• Zurg
• RClone
• Jellyfin
• JellySeer
• Plex
• Overseerr
• Tautulli
• Kometa

Indexers and Utilities

• Prowlarr
• Jackett
• NZBHydra2
  • This is an indexer for NZB indexers. Which is mostly useful for Torbox users with the BYOI feature.
• Zilean
  • This is a DMM scraper.
• FlareSovlerr / Byparr
  • Useful for bypassing Cloudflare's anti-bot protection for scraping purposes.
• Cloudflare Warp
  • This is a Cloudflare Warp client. It allows you to bypass blocks. For example, Torrentio blocks requests from some VPS providers (like Oracle Cloud). In this case, you can use Cloudflare Warp to proxy your requests through it which can be used for AIOStreams, Prowlarr, etc.
• Gluetun
• Tweakio
  • A torrentio indexer built to work with the *arrs.
• Torbox Manager

This template also includes other applications:

• Seanime - Beautiful open-source media server with a web interface and desktop app for anime and manga.
• SearXNG - Privacy-respecting metasearch engine.
• Plausible Analytics - Simple, privacy-friendly and open-source web analytics. (Used on this site)
• Minecraft server
• Vaultwarden - An unofficial Bitwarden compatible server written in Rust.

Customising the template

The template is designed to be easily customisable. You can add your own services, remove services, and modify the configuration of the services.

My compose.yaml makes use of profiles to make it easier to deploy only specific services. Each individual service has its own profile, so seanime has a profile called seanime, and so on.

There are also profiles that are a group of services that are related to each other. For example, the stremio profile contains services that are related to Stremio.

The grouped profiles are as follows:

• stremio
• debrid_media_server
• indexers (includes Prowlarr, Jackett, NZBHydra2)
• all

The individual profiles are simply the names of the folder names in the apps directory.

There are also services that are not specified in a profile. These services can be referred to as the default services. They will always be included in the deployment, no matter what profiles you choose or don't choose.

The default profile contains the following services:

• Traefik, Authelia, Flame, Dash., Honey, Uptime Kuma, Watchtower, Dozzle.

After you have chosen which profiles you are going to use, keep them in mind, as you will now need to fill in the .env file with the necessary environment variables.

Other than choosing the profiles, you could also modify the root compose.yaml file and remove a compose.yaml from the include list. e.g. If you wanted to use the stremio profile, but not the TMDB addon, you could remove the - tmdb-addon/compose.yaml line under the include: section.

Setup

1. First, you should ensure Docker is installed per https://get.docker.com/ (If you followed my previous guides, you should already have Docker installed).

2. Next, you should make sure both port 80 and 443 are open on your server. This is required for Traefik to work correctly.

   tip

   If you are using Oracle Cloud, you can follow these steps to open the ports.

3. Then, connect to your server on a terminal. Typically using the command below, or if you created a Windows Terminal profile, you can use that.

   ssh ubuntu@your-server-ip

4. Next, you should clone the repository by running the following command:

   cd /opt
   git clone https://github.com/Viren070/docker-compose-vps-template.git docker

   This will clone the repository into a directory called docker located in /opt/docker.

5. Next, you should navigate into the directory that contains the compose.yaml file.

   cd docker/apps

6. You can now confirm that the files have been downloaded by running the following command:

   ls -a

   You should see a list of folders, an .env file, and a compose.yaml file.

7. Next, you should edit the .env files to fill in the necessary environment variables. Start off with the root .env file.

   There are many ways to fill these values in, you could:

   • use a CLI text editor like nano or vim to edit the file directly through the terminal.

     nano .env

   • Use VS Code to edit the file directly on the server using the Remote - SSH extension. (recommended)

     1. Install the Remote - SSH extension in VS Code.
     2. Open the command palette (Ctrl + Shift + P) and type Remote-SSH: Connect to Host....
     3. Enter the SSH connection string for your server (e.g. ubuntu@your-server-ip).
     4. Once connected, navigate to the /opt/docker/apps directory (Ctrl + K + Ctrl + O / File > Open Folder...).
     5. You will be able to see all the files and folders in the sidebar. Edit the .env files for each service from here by simply clicking on them and then editing them. You can also use the terminal in VS Code to run commands on the server. Make sure to save the files after editing them. (Ctrl + S / File > Save).

   • Edit all the files locally (so clone the repository to your local machine first) using your preferred method and then upload them to your server using scp.

   info

   You should only fill in the environment variables for the services you are going to deploy. If you add a profile, the full set of environment variables for each app under that profile will be required.

8. Now, you should ensure that for every hostname you set in the .env files, you have a DNS A record handling it pointing it to your servers public IP.

   warning

   If you are using Cloudflare, you should disable the proxy (orange cloud) for the DNS record. This is because Traefik needs to connect directly to your server.

   tip

   You can create a wildcard DNS by using an A record with * as the subdomain. e.g. *.yourdomain.com. This will allow you to use any subdomain while only needing to create one DNS record.

   However, this can cause issues and will cause any subdomain to be routed to your server. For example, if you're running a minecraft server, it will mean that any subdomain will be routed to your server.

9. After you have filled in the environment variables, you can now deploy the services. You should make sure you defined the COMPOSE_PROFILES environment variables as this will determine which profiles are started. If you did not set it, then only the services in the default profile would be started.

   Then, you can run the following command:

   docker compose up -d

• You can also specify the profiles through the --profile flag, e.g.

  docker compose --profile stremio --profile seanime up -d

11. After running the command, it may take some time for the services to start up. Once it is done, you should be able to access them at the hostnames you set in the .env file.

Modifying the profiles

You may want to omit some services from the profiles, this is possible by removing the profile from the service in the compose.yaml file.

I want to use the stremio profile but don't want the TMDB Addon

Within the compose.yaml file, you can remove the stremio profile from the tmdb-addon and tmdb-addon_mongo services. Remove the highlighted lines below:

/opt/docker/apps/tmdb-addon/compose.yaml

services:
  tmdb-addon:
    image: viren070/tmdb-addon:latest
    container_name: tmdb-addon
    restart: unless-stopped
    expose:
      - 3232
    environment:
      - PORT=3232
      - TMDB_API=${TMDB_API_KEY?}  # https://www.themoviedb.org/settings/api
      - FANART_API=${FANART_API_KEY?}  # https://fanart.tv/get-an-api-key/
      - HOST_NAME=${TMDB_ADDON_HOSTNAME?}
      - MONGODB_URI=mongodb://mongodb:27017/tmdb
      - META_TTL=604800  # 1 week
      - CATALOG_TTL=86400  # 1 day
      - NO_CACHE=false  # Enable cache, set to true to disable
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.tmdb.rule=Host(`${TMDB_ADDON_HOSTNAME?}`)"
      - "traefik.http.routers.tmdb.entrypoints=websecure"
      - "traefik.http.routers.tmdb.tls.certresolver=letsencrypt"
      - "traefik.http.services.tmdb.loadbalancer.server.port=3232"
      - "flame.type=app"
      - "flame.name=TMDB Addon"
      - "flame.url=https://${TMDB_ADDON_HOSTNAME?}"
    depends_on:
      tmdb-addon_mongo:
        condition: service_healthy
    profiles:
      - tmdb-addon
      - stremio
      - all

  tmdb-addon_mongo:
    image: mongo:latest
    container_name: tmdb-addon_mongo
    restart: unless-stopped
    volumes:
      - ${DOCKER_DATA_DIR}/tmdb-addon/db:/data/db
    healthcheck:
      test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/test --quiet
      interval: 10s
      timeout: 10s
      retries: 5
      start_period: 40s
    profiles:
      - tmdb-addon
      - stremio
      - all

You could instead remove the include line from the root compose.yaml for the tmdb-addon service. This would mean that the service would not be included in the deployment at all. Adding the 'tmdb-addon' profile to the DOCKER_COMPOSE_PROFILES environment variable would also not work unless this line is added back.

/opt/docker/apps/compose.yaml

include:
  ...
  - tautulli/compose.yaml
  - tmdb-addon/compose.yaml
  - torbox-manager/compose.yaml
  ...
networks:
  default:
    name: ${DOCKER_NETWORK:-aio_default}
    external: ${DOCKER_NETWORK_EXTERNAL:-false}

Adding Authelia to a service

As mentioned before, Authelia is included in the template, but not every service is protected by it. This is because some services already have their own authentication system.

For example, Uptime Kuma has its own authentication system, so it doesn't need Authelia. But, you may want to add Authelia anyways, so I will show you how to do that.

You will have to edit the compose.yaml file for the service you want to add Authelia to.

For this example, we will use Uptime Kuma. You simply need to add one line defining the Authelia middleware to the router.

/opt/docker/apps/uptime-kuma/compose.yaml

services:
  uptime-kuma:
    image: louislam/uptime-kuma:latest
    container_name: kuma
    restart: unless-stopped
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
    expose:
      - 3001
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.uptime-kuma.rule=Host(`${UPTIME_KUMA_HOSTNAME?}`)"
      - "traefik.http.routers.uptime-kuma.entrypoints=websecure"
      - "traefik.http.routers.uptime-kuma.tls.certresolver=letsencrypt"
      - "traefik.http.routers.uptime-kuma.middlewares=authelia@docker"
      - "flame.type=app"
      - "flame.name=Uptime Kuma"
      - "flame.url=https://${UPTIME_KUMA_HOSTNAME?}"
    volumes:
      - ${DOCKER_DATA_DIR}/uptime-kuma:/app/data
      - /var/run/docker.sock:/var/run/docker.sock

Removing built-in authentication from the *arrs

The *arrs have their own authentication system, which is enabled by default. Since these services are behind Authelia, you may want to disable the in-built authentication system. This cannot be done through the web UI, you must edit the config files.

To make this easier, you can simply run this command to disable the authentication system. This depends on the current Authentication being set to None. i.e. You must run this before setting up the *arrs.

find /opt/docker/data -type f -name "*.xml" -exec sed -i 's|<AuthenticationMethod>None</AuthenticationMethod>|<AuthenticationMethod>External</AuthenticationMethod>|g' {} +

• This will find all the XML files in the /opt/docker/data directory and replace the None authentication method with External.