Logs, webpage and Export

[moltra]

I am trying to setup my Glances so that it is logged using influxdb 2.7, I would also like the ability to see the real time data using the web option.

Currently, I cannot get any of the 3 to work with my current setup. I have attached my docker compose and glances.conf for review.

Thanks in advance

##############################################################################
# Globals Glances parameters
##############################################################################
[global]
# Stats refresh rate (default is a minimum of 2 seconds)
# Can be overwrite by the -t <sec> option
# It is also possible to overwrite it in each plugin sections
refresh=2
# Does Glances should check if a newer version is available on PyPI ?
check_update=False
# History size (maximum number of values)
# Default is 1200 values (~1h with the default refresh rate)
history_size=1200
# Set the way Glances should display the date (default is %Y-%m-%d %H:%M:%S %Z)
#strftime_format="%Y-%m-%d %H:%M:%S %Z"

##############################################################################
# User interface
##############################################################################
debug=True
[outputs]
# Theme name for the Curses interface: black or white
curse_theme=black
# Limit the number of processes to display in the WebUI
max_processes_display=30

##############################################################################
# plugins
##############################################################################

[quicklook]
# Set to true to disable a plugin
# Note: you can also disable it from the command line (see --disable-plugin <plugin_name>)
disable=False
# Graphical percentage char used in the terminal user interface (default is |)
percentage_char=|
# Define CPU, MEM and SWAP thresholds in %
cpu_careful=50
cpu_warning=70
cpu_critical=90
mem_careful=50
mem_warning=70
mem_critical=90
swap_careful=50
swap_warning=70
swap_critical=90

[system]
# This plugin display the first line in the Glances UI with:
# Hostname / Operating system name / Architecture information
# Set to true to disable a plugin
disable=False
# Default refresh rate is 60 seconds
#refresh=60

[cpu]
disable=False
# See https://scoutapm.com/blog/slow_server_flow_chart
#
# I/O wait percentage should be lower than 1/# (# = Logical CPU cores)
# Leave commented to just use the default config:
# Careful=1/#*100-20% / Warning=1/#*100-10% / Critical=1/#*100
#iowait_careful=30
#iowait_warning=40
#iowait_critical=50
#
# Total % is 100 - idle
total_careful=65
total_warning=75
total_critical=85
total_log=True
#
# Default values if not defined: 50/70/90 (except for iowait)
user_careful=50
user_warning=70
user_critical=90
user_log=False
#user_critical_action=echo {{user}} {{value}} {{max}} > /tmp/cpu.alert
#
system_careful=50
system_warning=70
system_critical=90
system_log=False
#
steal_careful=50
steal_warning=70
steal_critical=90
#steal_log=True
#
# Context switch limit (core / second)
# Leave commented to just use the default config (critical is 50000*# (Logical CPU cores)
#ctx_switches_careful=10000
#ctx_switches_warning=12000
#ctx_switches_critical=14000

[percpu]
disable=False
# Define CPU thresholds in %
# Default values if not defined: 50/70/90
user_careful=50
user_warning=70
user_critical=90
iowait_careful=50
iowait_warning=70
iowait_critical=90
system_careful=50
system_warning=70
system_critical=90

[gpu]
disable=False
# Default processor values if not defined: 50/70/90
proc_careful=50
proc_warning=70
proc_critical=90
# Default memory values if not defined: 50/70/90
mem_careful=50
mem_warning=70
mem_critical=90

[mem]
disable=False
# Define RAM thresholds in %
# Default values if not defined: 50/70/90
careful=50
#careful_action_repeat=echo {{percent}} >> /tmp/memory.alert
warning=70
critical=90

[memswap]
disable=False
# Define SWAP thresholds in %
# Default values if not defined: 50/70/90
careful=50
warning=70
critical=90

[load]
disable=False
# Define LOAD thresholds
# Value * number of cores
# Default values if not defined: 0.7/1.0/5.0 per number of cores
# Source: http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages
#         http://www.linuxjournal.com/article/9001
careful=0.7
warning=1.0
critical=5.0
#log=False

[network]
disable=False
# Default bitrate thresholds in % of the network interface speed
# Default values if not defined: 70/80/90
rx_careful=70
rx_warning=80
rx_critical=90
tx_careful=70
tx_warning=80
tx_critical=90
# Define the list of hidden network interfaces (comma-separated regexp)
#hide=docker.*,lo
# Define the list of wireless network interfaces to be show (comma-separated)
#show=docker.*
# WLAN 0 alias
#wlan0_alias=Wireless
# It is possible to overwrite the bitrate thresholds per interface
# WLAN 0 Default limits (in bits per second aka bps) for interface bitrate
#wlan0_rx_careful=4000000
#wlan0_rx_warning=5000000
#wlan0_rx_critical=6000000
#wlan0_rx_log=True
#wlan0_tx_careful=700000
#wlan0_tx_warning=900000
#wlan0_tx_critical=1000000
#wlan0_tx_log=True

[ip]
disable=False
public_refresh_interval=300
public_ip_disabled=False
# Configuration for the Censys online service
# Need to create an aacount: https://censys.io/login
censys_url=https://search.censys.io/api
# Get your own credential here: https://search.censys.io/account/api
# Enter your credential and uncomment the following lines
#censys_username=<censys_api_id>
#censys_password=<censys_secret>
# List of fields to be displayed in user interface (comma separated)
censys_fields=location:continent,location:country,autonomous_system:name

[connections]
# Display additional information about TCP connections
# This plugin is disabled by default
disable=True
# nf_conntrack thresholds in %
nf_conntrack_percent_careful=70
nf_conntrack_percent_warning=80
nf_conntrack_percent_critical=90

[wifi]
disable=True
# Define the list of hidden wireless network interfaces (comma-separated regexp)
hide=lo,docker.*
# Define the list of wireless network interfaces to be show (comma-separated)
#show=docker.*
# Define SIGNAL thresholds in db (lower is better...)
# Based on: http://serverfault.com/questions/501025/industry-standard-for-minimum-wifi-signal-strength
careful=-65
warning=-75
critical=-85

[diskio]
disable=False
# Define the list of hidden disks (comma-separated regexp)
#hide=sda2,sda5,loop.*
hide=loop.*,/dev/loop.*
# Define the list of disks to be show (comma-separated)
#show=sda.*
# Alias for sda1
#sda1_alias=InternalDisk

[fs]
disable=False
# Define the list of file system to hide (comma-separated regexp)
hide=/boot.*,/snap.*
# Define the list of file system to show (comma-separated regexp)
#show=/,/srv
# Define filesystem space thresholds in %
# Default values if not defined: 50/70/90
# It is also possible to define per mount point value
# Example: /_careful=40
careful=50
warning=70
critical=90
# Allow additional file system types (comma-separated FS type)
#allow=shm

[irq]
# Documentation: https://glances.readthedocs.io/en/latest/aoa/irq.html
# This plugin is disabled by default
disable=True

[folders]
# Documentation: https://glances.readthedocs.io/en/latest/aoa/folders.html
disable=False
# Define a folder list to monitor
# The list is composed of items (list_#nb <= 10)
# An item is defined by:
# * path: absolute path
# * careful: optional careful threshold (in MB)
# * warning: optional warning threshold (in MB)
# * critical: optional critical threshold (in MB)
# * refresh: interval in second between two refreshes
#folder_1_path=/tmp
#folder_1_careful=2500
#folder_1_warning=3000
#folder_1_critical=3500
#folder_1_refresh=60
#folder_2_path=/home/nicolargo/Videos
#folder_2_warning=17000
#folder_2_critical=20000
#folder_3_path=/nonexisting
#folder_4_path=/root

[cloud]
# Documentation: https://glances.readthedocs.io/en/latest/aoa/cloud.html
# This plugin is disabled by default
disable=True

[raid]
# Documentation: https://glances.readthedocs.io/en/latest/aoa/raid.html
# This plugin is disabled by default
disable=True

[smart]
# Documentation: https://glances.readthedocs.io/en/latest/aoa/smart.html
# This plugin is disabled by default
disable=True

[hddtemp]
disable=False
# Define hddtemp server IP and port (default is 127.0.0.1 and 7634 (TCP))
host=127.0.0.1
port=7634

[sensors]
# Documentation: https://glances.readthedocs.io/en/latest/aoa/sensors.html
disable=False
# By default refresh every refresh time * 2
#refresh=6
# Hide some sensors
#hide=ambient
# Sensors core thresholds (in Celsius...)
# Default values are grabbed from the system
#temperature_core_careful=60
#temperature_core_warning=70
#temperature_core_critical=80
# Temperatures threshold in °C for hddtemp
# Default values if not defined: 45/52/60
temperature_hdd_careful=45
temperature_hdd_warning=52
temperature_hdd_critical=60
# Battery threshold in %
battery_careful=80
battery_warning=90
battery_critical=95
# Sensors alias
#temp1_alias=Motherboard 0
#temp2_alias=Motherboard 1
#core 0_temperature_core_alias=CPU Core 0 temp
#core 0_fans_speed_alias=CPU Core 0 fan
#or
#core 0_alias=CPU Core 0
#core 1_alias=CPU Core 1

[processcount]
disable=False
# If you want to change the refresh rate of the processing list, please uncomment:
#refresh=10

[processlist]
disable=False
# Sort key: if not defined, the sort is automatically done by Glances (recommended)
# Should be one of the following:
# cpu_percent, memory_percent, io_counters, name, cpu_times, username
#sort_key=memory_percent
# Define CPU/MEM (per process) thresholds in %
# Default values if not defined: 50/70/90
cpu_careful=50
cpu_warning=70
cpu_critical=90
mem_careful=50
mem_warning=70
mem_critical=90
#
# Nice priorities range from -20 to 19.
# Configure nice levels using a comma separated list.
#
# Nice: Example 1, non-zero is warning (default behavior)
nice_warning=-20,-19,-18,-17,-16,-15,-14,-13,-12,-11,-10,-9,-8,-7,-6,-5,-4,-3,-2,-1,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
#
# Nice: Example 2, low priority processes escalate from careful to critical
#nice_careful=1,2,3,4,5,6,7,8,9
#nice_warning=10,11,12,13,14
#nice_critical=15,16,17,18,19

[ports]
disable=False
# Interval in second between two scans
# Ports scanner plugin configuration
refresh=30
# Set the default timeout (in second) for a scan (can be overwritten in the scan list)
timeout=3
# If port_default_gateway is True, add the default gateway on top of the scan list
port_default_gateway=True
#
# Define the scan list (1 < x < 255)
# port_x_host (name or IP) is mandatory
# port_x_port (TCP port number) is optional (if not set, use ICMP)
# port_x_description is optional (if not set, define to host:port)
# port_x_timeout is optional and overwrite the default timeout value
# port_x_rtt_warning is optional and defines the warning threshold in ms
#
#port_1_host=192.168.0.1
#port_1_port=80
#port_1_description=Home Box
#port_1_timeout=1
#port_2_host=www.free.fr
#port_2_description=My ISP
#port_3_host=www.google.com
#port_3_description=Internet ICMP
#port_3_rtt_warning=1000
#port_4_description=Internet Web
#port_4_host=www.google.com
#port_4_port=80
#port_4_rtt_warning=1000
#
# Define Web (URL) monitoring list (1 < x < 255)
# web_x_url is the URL to monitor (example: http://my.site.com/folder)
# web_x_description is optional (if not set, define to URL)
# web_x_timeout is optional and overwrite the default timeout value
# web_x_rtt_warning is optional and defines the warning respond time in ms (approximately)
#
#web_1_url=https://blog.nicolargo.com
#web_1_description=My Blog
#web_1_rtt_warning=3000
#web_2_url=https://github.com
#web_3_url=http://www.google.fr
#web_3_description=Google Fr
#web_4_url=https://blog.nicolargo.com/nonexist
#web_4_description=Intranet

[containers]
disable=False
# Only show specific containers (comma separated list of container name or regular expression)
# Comment this line to display all containers (default configuration)
#show=telegraf
# Hide some containers (comma separated list of container name or regular expression)
# Comment this line to display all containers (default configuration)
#hide=telegraf
# Define the maximum docker size name (default is 20 chars)
max_name_size=20
#cpu_careful=50
# Thresholds for CPU and MEM (in %)
#cpu_warning=70
#cpu_critical=90
#mem_careful=20
#mem_warning=50
#mem_critical=70
#
# Per container thresholds
#containername_cpu_careful=10
#containername_cpu_warning=20
#containername_cpu_critical=30
#
# By default, Glances only display running containers
# Set the following key to True to display all containers
all=False
# Define Podman sock
#podman_sock=unix:///run/user/1000/podman/podman.sock

[amps]
# AMPs configuration are defined in the bottom of this file
disable=False

##############################################################################
# Client/server
##############################################################################

[serverlist]
# Define the static servers list
#server_1_name=localhost
#server_1_alias=My local PC
#server_1_port=61209
#server_2_name=localhost
#server_2_port=61235
#server_3_name=192.168.0.17
#server_3_alias=Another PC on my network
#server_3_port=61209
#server_4_name=pasbon
#server_4_port=61237

[passwords]
# Define the passwords list related to the [serverlist] section
# Syntax: host=password
# Where: host is the hostname
#        password is the clear password
# Additionally (and optionally) a default password could be defined
#localhost=abc
#default=defaultpassword
#
# Define the path of the local '.pwd' file (default is system one)
#local_password_path=~/.config/glances

##############################################################################
# Exports
##############################################################################

[graph]
# Configuration for the --export graph option
# Set the path where the graph (.svg files) will be created
# Can be overwrite by the --graph-path command line option
path=/tmp
# It is possible to generate the graphs automatically by setting the
# generate_every to a non zero value corresponding to the seconds between
# two generation. Set it to 0 to disable graph auto generation.
generate_every=60
# See following configuration keys definitions in the Pygal lib documentation
# http://pygal.org/en/stable/documentation/index.html
width=800
height=600
style=DarkStyle

#[influxdb]
# !!!
# Will be DEPRECATED in future release.
# Please have a look on the new influxdb2 export module (compatible with InfluxDB 1.8.x and 2.x)
# !!!
# Configuration for the --export influxdb option
# https://influxdb.com/
#host=localhost
#port=8086
#protocol=http
#user=root
#password=root
#db=glances
# Prefix will be added for all measurement name
# Ex: prefix=foo
#     => foo.cpu
#     => foo.mem
# You can also use dynamic values
#prefix=foo
# Following tags will be added for all measurements
# You can also use dynamic values.
# Note: hostname is always added as a tag
#tags=foo:bar,spam:eggs,domain:`domainname`

[influxdb2]
# Configuration for the --export influxdb2 option
# https://influxdb.com/
host=127.0.0.1 
port=8086
protocol=http
org=Strickland
bucket=glances
token=f_7uaD9xPdYJlX-JfnKjlr4r1ouMyKrRjEOEVYa1Efjm6vhNvpaaqzzrE2OqwA5vmbcoezWM3O5HAW7al8FW5g==
# Set the interval between two exports (in seconds)
# If the interval is set to 0, the Glances refresh time is used (default behavor)
#interval=0
# Prefix will be added for all measurement name
# Ex: prefix=foo
#     => foo.cpu
#     => foo.mem
# You can also use dynamic values
#prefix=foo
# Following tags will be added for all measurements
# You can also use dynamic values.
# Note: hostname is always added as a tag
#tags=foo:bar,spam:eggs,domain:`domainname`

[cassandra]
# Configuration for the --export cassandra option
# Also works for the ScyllaDB
# https://influxdb.com/ or http://www.scylladb.com/
host=localhost
port=9042
protocol_version=3
keyspace=glances
replication_factor=2
# If not define, table name is set to host key
table=localhost
# If not define, username and password will not be used
#username=cassandra
#password=password

[opentsdb]
# Configuration for the --export opentsdb option
# http://opentsdb.net/
host=localhost
port=4242
#prefix=glances
#tags=foo:bar,spam:eggs

[statsd]
# Configuration for the --export statsd option
# https://github.com/etsy/statsd
host=localhost
port=8125
#prefix=glances

[elasticsearch]
# Configuration for the --export elasticsearch option
# Data are available via the ES RESTful API. ex: URL/<index>/cpu
# https://www.elastic.co
scheme=http
host=localhost
port=9200
index=glances

[riemann]
# Configuration for the --export riemann option
# http://riemann.io
host=localhost
port=5555

[rabbitmq]
# Configuration for the --export rabbitmq option
host=localhost
port=5672
user=guest
password=guest
queue=glances_queue
#protocol=amqps

[mqtt]
# Configuration for the --export mqtt option
host=localhost
port=8883
tls=false
user=guest
password=guest
topic=glances
topic_structure=per-metric

[couchdb]
# Configuration for the --export couchdb option
# https://www.couchdb.org
host=localhost
port=5984
db=glances
# user and password are optional (comment if not configured on the server side)
# If they are used, then the https protocol will be used
#user=root
#password=root

[mongodb]
# Configuration for the --export mongodb option
# https://www.mongodb.com
host=localhost
port=27017
db=glances
user=root
password=example

[kafka]
# Configuration for the --export kafka option
# http://kafka.apache.org/
host=localhost
port=9092
topic=glances
#compression=gzip
# Tags will be added for all events
#tags=foo:bar,spam:eggs
# You can also use dynamic values
#tags=hostname:`hostname -f`

[zeromq]
# Configuration for the --export zeromq option
# http://www.zeromq.org
# Use * to bind on all interfaces
host=*
port=5678
# Glances envelopes the stats in a publish message with two frames:
# - First frame containing the following prefix (STRING)
# - Second frame with the Glances plugin name (STRING)
# - Third frame with the Glances plugin stats (JSON)
prefix=G

[prometheus]
# Configuration for the --export prometheus option
# https://prometheus.io
# Create a Prometheus exporter listening on localhost:9091 (default configuration)
# Metric are exporter using the following name:
#   <prefix>_<plugin>_<stats>{labelkey:labelvalue}
# Note: You should add this exporter to your Prometheus server configuration:
#   scrape_configs:
#    - job_name: 'glances_exporter'
#      scrape_interval: 5s
#      static_configs:
#        - targets: ['localhost:9091']
#
# Labels will be added for all measurements (default is src:glances)
#  labels=foo:bar,spam:eggs
# You can also use dynamic values
#  labels=system:`uname -s`
#
host=localhost
port=9091
#prefix=glances
labels=src:glances

[restful]
# Configuration for the --export restful option
# Example, export to http://localhost:6789/
host=localhost
port=6789
protocol=http
path=/

[graphite]
# Configuration for the --export graphite option
# https://graphiteapp.org/
host=localhost
port=2003
# Prefix will be added for all measurement name
prefix=glances
# System name added between the prefix and the stats
# By default, system_name = FQDN
#system_name=mycomputer

##############################################################################
# AMPS
# * enable: Enable (true) or disable (false) the AMP
# * regex: Regular expression to filter the process(es)
# * refresh: The AMP is executed every refresh seconds
# * one_line: (optional) Force (if true) the AMP to be displayed in one line
# * command: (optional) command to execute when the process is detected (thk to the regex)
# * countmin: (optional) minimal number of processes
#             A warning will be displayed if number of process < count
# * countmax: (optional) maximum number of processes
#             A warning will be displayed if number of process > count
# * <foo>: Others variables can be defined and used in the AMP script
##############################################################################

[amp_dropbox]
# Use the default AMP (no dedicated AMP Python script)
# Check if the Dropbox daemon is running
# Every 3 seconds, display the 'dropbox status' command line
enable=false
regex=.*dropbox.*
refresh=3
one_line=false
command=dropbox status
countmin=1

[amp_python]
# Use the default AMP (no dedicated AMP Python script)
# Monitor all the Python scripts
# Alert if more than 20 Python scripts are running
enable=false
regex=.*python.*
refresh=3
countmax=20

[amp_conntrack]
# Use comma separated for multiple commands (no space around the comma)
# If the regex key is not defined, the AMP will be executed every refresh second
# and the process count will not be displayed (countmin and countmax will be ignore)
enable=false
refresh=30
one_line=false
command=sysctl net.netfilter.nf_conntrack_count;sysctl net.netfilter.nf_conntrack_max

[amp_nginx]
# Use the NGinx AMP
# Nginx status page should be enable (https://easyengine.io/tutorials/nginx/status-page/)
enable=false
regex=\/usr\/sbin\/nginx
refresh=60
one_line=false
status_url=http://localhost/nginx_status

[amp_systemd]
# Use the Systemd AMP
enable=false
regex=\/lib\/systemd\/systemd
refresh=30
one_line=true
systemctl_cmd=/bin/systemctl --plain

[amp_systemv]
# Use the Systemv AMP
enable=false
regex=\/sbin\/init
refresh=30
one_line=true
service_cmd=/usr/bin/service --status-all

version: "3.9"
########################### NETWORKS
# You may customize the network subnet (192.168.90.0/24) below as you please.
# Docker Compose version 3.5 or higher required to define networks this way.
 
networks:
  socket_proxy:
    name: socket_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.91.0/24
  # dockervlan:
  #   name: dockervlan
  #   driver: macvlan
  #   driver_opts:
  #     parent: eth1 # using ifconfig
  #   ipam:
  #     config:
  #       - subnet: "192.168.0.0/24"
  #         ip_range: "192.168.0.250/32"
  #         gateway: "192.168.0.1"

########################### SECRETS
secrets:
  traefik_forward_auth:
    file: $DOCKERDIR/secrets/traefik_forward_auth

########################### EXTENSION FIELDS
# Helps eliminate repetition of sections
# More Info on how to use this: https://github.com/htpcBeginner/docker-traefik/pull/228
 
# Common environment values
x-environment: &default-tz-puid-pgid
  TZ: $TZ
  PUID: $PUID
  PGID: $PGID
 
# Keys common to some of the core services that we always to automatically restart on failure
x-common-keys-core: &common-keys-core
  networks:
    #  - t2_proxy
    - socket_proxy
  security_opt:
    - no-new-privileges:true
  restart: always
 
# Keys common to some of the dependent services/apps
x-common-keys-apps: &common-keys-apps
  networks:
    #  - t2_proxy
    - socket_proxy
  security_opt:
    - no-new-privileges:true
  restart: unless-stopped
 
# Keys common to some of the services in media-services.txt
x-common-keys-media: &common-keys-media
  networks:
    #  - t2_proxy
    - socket_proxy
  security_opt:
    - no-new-privileges:true
  restart: "no"

########################### SERVICES
services:
# Traefik 2 - Reverse Proxy
  traefik:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    container_name: traefik
    image: traefik:2.7
    profiles: ["db_setup", "frontend"]
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entryPoints.postgres.address=:5432
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      - --entrypoints.https.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
      - --entryPoints.traefik.address=:8080
      - --api=true
      # - --api.insecure=true
      - --api.dashboard=true
      # - --serversTransport.insecureSkipVerify=true
      - --log=true
      # - --log.filePath=/logs/cloudserver/traefik/traefik.log
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      # - --accessLog.filePath=/logs/cloudserver/traefik/access.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=204-299,400-499,500-599
      - --providers.docker=true
      # --providers.docker.endpoint=unix:///var/run/docker.sock # Use Docker Socket Proxy instead for improved security
      - --providers.docker.endpoint=tcp://socket-proxy:2375 # Use this instead of the previous line if you have socket proxy.
      - --providers.docker.exposedByDefault=false
      - --entrypoints.https.http.tls.options=tls-opts@file
      # Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
      - --entrypoints.https.http.tls.certresolver=dns-cloudflare
      - --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME_CLOUD_SERVER
      - --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME_CLOUD_SERVER
      # - --entrypoints.https.http.tls.domains[1].main=$DOMAINNAME2 # Pulls main cert for second domain
      # - --entrypoints.https.http.tls.domains[1].sans=*.$DOMAINNAME2 # Pulls wildcard cert for second domain
      - --providers.docker.network=socket_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
      # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file
      - --providers.file.watch=true # Only works on top level files in the rules folder
      #- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
    networks:
      # t2_proxy:
      # ipv4_address: 192.168.90.254 # You can specify a static IP
      - socket_proxy
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - 5432:5432   #<<<<<<<<<<<<<<<< to access PostgreSQL
      #  - "8080:8080"
      #- target: 8080 # insecure api wont work
      #   published: 8080
      #   protocol: tcp
      #   mode: host
    volumes:
      - $DOCKERDIR/appdata/traefik2/rules/cloudserver:/rules # file provider directory
      - /var/run/docker.sock:/var/run/docker.sock:ro # If you use Docker Socket Proxy, comment this line out
      - $DOCKERDIR/appdata/traefik2/acme/acme.json:/acme.json # cert location - you must create this empty file and change permissions to 600
      - $DOCKERDIR/logs/cloudserver/traefik:/logs # for fail2ban or crowdsec
      - $DOCKERDIR/shared:/shared
    environment:
      - TZ=$TZ
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
      - DOMAINNAME_CLOUD_SERVER # Passing the domain name to the traefik container to be able to use the variable in rules. 
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
      - "traefik.enable=true"
      - "traefik.docker.network=socket_proxy"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_CLOUD_SERVER`)"
      - "traefik.http.routers.traefik-rtr.tls=true" # Some people had 404s without this
      # - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME_CLOUD_SERVER"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME_CLOUD_SERVER"
      # - "traefik.http.routers.traefik-rtr.tls.domains[1].main=$DOMAINNAME2" # Pulls main cert for second domain
      # - "traefik.http.routers.traefik-rtr.tls.domains[1].sans=*.$DOMAINNAME2" # Pulls wildcard cert for second domain
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      ## Healthcheck/ping
      #- "traefik.http.routers.ping.rule=Host(`traefik.$DOMAINNAME_CLOUD_SERVER`) && Path(`/ping`)"
      #- "traefik.http.routers.ping.tls=true"
      #- "traefik.http.routers.ping.service=ping@internal"
      ## Middlewares
      #- "traefik.http.routers.traefik-rtr.middlewares=chain-no-auth@file" # For No Authentication
      #- "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file" # For Basic HTTP Authentication
      - "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file" # For Google OAuth
# Dozzle - Real-time Docker Log Viewer
  dozzle:
    image: amir20/dozzle:latest
    container_name: dozzle
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["db_setup","frontend"]
    networks:
      # - t2_proxy
      - socket_proxy
    ports:
      - "8082:8080"
    environment:
      DOZZLE_LEVEL: info
      DOZZLE_TAILSIZE: 300
      DOZZLE_FILTER: "status=running"
      # DOZZLE_FILTER: "label=log_me" # limits logs displayed to containers with this label
      DOCKER_HOST: tcp://socket-proxy:2375
    # volumes:
    #  - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy instead for improved security
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.dozzle-rtr.entrypoints=https"
      - "traefik.http.routers.dozzle-rtr.rule=Host(`dozzle.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.dozzle-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.dozzle-rtr.service=dozzle-svc"
      - "traefik.http.services.dozzle-svc.loadbalancer.server.port=8080"
# Heimdall - Application Dashboard
  heimdall:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    image: lscr.io/linuxserver/heimdall
    container_name: heimdall
    # ports:
      # - "$HEIMDALL_HTTP_PORT:80" # 80 used by Traefik
      # - "$HEIMDALL_HTTPS_PORT:443" # 443 used by Traefik. Disabled because we will put Heimdall behind proxy.
    networks:
      - socket_proxy
    volumes:
      - $DOCKERDIR/appdata/heimdall:/config
    profiles: ["db_setup", "frontend"]    
    environment:
      <<: *default-tz-puid-pgid
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.heimdall-rtr.entrypoints=https"
      - "traefik.http.routers.heimdall-rtr.rule=Host(`$DOMAINNAME_CLOUD_SERVER`,`www.$DOMAINNAME_CLOUD_SERVER`)"
      - "traefik.http.routers.heimdall-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.heimdall-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.heimdall-rtr.service=heimdall-svc"
      - "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"
# Google OAuth - Single Sign On using OAuth 2.0
  oauth:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    container_name: oauth
    image: thomseddon/traefik-forward-auth:latest
    # image: thomseddon/traefik-forward-auth:2.1-arm # Use this image with Raspberry Pi
    profiles: ["db_setup", "frontend"]    
    environment:
      - CONFIG=/config
      - COOKIE_DOMAIN=$DOMAINNAME_CLOUD_SERVER
      - INSECURE_COOKIE=false
      - AUTH_HOST=oauth.$DOMAINNAME_CLOUD_SERVER
      - URL_PATH=/_oauth
      - LOG_LEVEL=info
      - LOG_FORMAT=text
      - LIFETIME=2592000  # 30 days
      - DEFAULT_ACTION=auth
      - DEFAULT_PROVIDER=google
    secrets:
      - source: traefik_forward_auth
        target: /config
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.oauth-rtr.tls=true"
      - "traefik.http.routers.oauth-rtr.entrypoints=https"
      - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.oauth-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.oauth-rtr.service=oauth-svc"
      - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
  it-tools:
    image: corentinth/it-tools
    container_name: it-tools
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["db_setup", "frontend"]
    networks:
      - socket_proxy
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.it-tools-rtr.entrypoints=https"
      - "traefik.http.routers.it-tools-rtr.rule=Host(`tools.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.it-tools-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.it-tools-rtr.service=it-tools-svc"
      - "traefik.http.services.it-tools-svc.loadbalancer.server.port=80"
# Docker-GC - Automatic Docker Garbage Collection
# Create docker-gc-exclude file
  dockergc:
    <<: *common-keys-apps # See EXTENSION FIELDS at the top
    image: clockworksoul/docker-gc-cron:latest
    container_name: docker-gc
    profiles: ["frontend"]    
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy and comment this line for improved security.
      - $DOCKERDIR/appdata/docker-gc/docker-gc-exclude:/etc/docker-gc-exclude # Create empty file
    environment:
      CRON: 0 0 0 * * ? # Everyday at midnight. Previously 0 0 * * *
      FORCE_IMAGE_REMOVAL: 1
      FORCE_CONTAINER_REMOVAL: 0
      GRACE_PERIOD_SECONDS: 604800
      DRY_RUN: 0
      CLEAN_UP_VOLUMES: 1
      TZ: $TZ
      DOCKER_HOST: tcp://socket-proxy:2375 # Use this if you have Socket Proxy enabled.
# Docker Socket Proxy - Security Enchanced Proxy for Docker Socket
  socket-proxy:
    container_name: socket-proxy
    image: tecnativa/docker-socket-proxy
    profiles: ["db_setup", "frontend"]
    restart: always
    networks:
      socket_proxy:
        ipv4_address: $socket_proxy_ip # 192.168.91.254  You can specify a static IP
    # privileged: true # true for VM. False for unprivileged LXC container.
    ports:
      - "127.0.0.1:2375:2375" # Port 2375 should only ever get exposed to the internal network. When possible use this line.
    # I use the next line instead, as I want portainer to manage multiple docker endpoints within my home network.
    # - "2375:2375"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
      ## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
      # 0 to revoke access.
      # 1 to grant access.
      ## Granted by Default
      - EVENTS=1
      - PING=1
      - VERSION=1
      ## Revoked by Default
      # Security critical
      - AUTH=0
      - SECRETS=0
      - POST=1 # Watchtower
      # Not always needed
      - BUILD=0
      - COMMIT=0
      - CONFIGS=0
      - CONTAINERS=1 # Traefik, portainer, etc.
      - DISTRIBUTION=0
      - EXEC=0
      - IMAGES=1 # Portainer
      - INFO=1 # Portainer
      - NETWORKS=1 # Portainer
      - NODES=0
      - PLUGINS=0
      - SERVICES=1 # Portainer
      - SESSION=0
      - SWARM=0
      - SYSTEM=0
      - TASKS=1 # Portainer
      - VOLUMES=1 # Portainer
  # Grafana - Graphical data visualization for InfluxDB data
  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["frontend"]
    networks:
      - socket_proxy
    ports:
      - "3000:3000"
    user: $PUID
    volumes:
      - $DOCKERDIR/appdata/grafana:/var/lib/grafana
    environment:
      GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,grafana-worldmap-panel,grafana-piechart-panel"
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.grafana-rtr.entrypoints=https"
      - "traefik.http.routers.grafana-rtr.rule=Host(`grafana.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.grafana-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.grafana-rtr.service=grafana-svc"
      - "traefik.http.services.grafana-svc.loadbalancer.server.port=3000"
   # Gluetun - VPN Client for Docker Containers and More
  # Gluetun only for use by torrent clients + on demand lan devices.
  # Arr apps do not need VPN (not recommended), unless you have ISP/country restrictions.
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["frontend"]
    networks:
      - socket_proxy
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    ports:
      - "8081:8080" # Exposing qBittorrent through Docker Host LAN IP
      - 8073:8073/tcp  #GUI Interface for qbittorrent
      - 56056:56056/tcp    # Port forwarded per Mullvad
      - 56056:56056/udp
    volumes:
      - $DOCKERDIR/appdata/gluetun:/gluetun
    environment:
     - TZ=$TZ
     - VPN_SERVICE_PROVIDER=private internet access
     - VPN_TYPE=openvpn
     - SERVER_REGIONS=$VPN_REGIONS
     - OPENVPN_USER=$VPN_USERNAME
     - OPENVPN_PASSWORD=$VPN_PASSWORD
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.gluetun-qbittorrent-rtr.entrypoints=https"
      - "traefik.http.routers.gluetun-qbittorrent-rtr.rule=Host(`qbit.$DOMAINNAME_CLOUD_SERVER`)" # qBittorrent
      ## Middlewares
      - "traefik.http.routers.gluetun-qbittorrent-rtr.middlewares=chain-oauth@file" # qBittorrent
      ## HTTP Services
      - "traefik.http.routers.gluetun-qbittorrent-rtr.service=gluetun-svc" # qBittorrent
      - "traefik.http.services.gluetun-svc.loadbalancer.server.port=8080" # qBittorrent
  # qBittorrent - Torrent downloader
  # Needs trailing / if using PathPrefixStrip
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["frontend"]
    network_mode: "service:gluetun"
    # ports:
    #   - "8081:8080" # Explosed via gluetun. 8081 because crowdsec is using port 8080
    volumes:
      - $DOCKERDIR/appdata/qbittorrent:/config
      - $DATADIR1/downloads:/data/downloads # Ensure that downloads folder is set to /data/downloads in qBittorrent
    environment:
      - TZ=$TZ
      - PUID=$PUID
      - PGID=$PGID
    healthcheck: # https://github.com/qdm12/gluetun/issues/641#issuecomment-933856220
      test: "curl -sf https://example.com  || exit 1"
      interval: 1m
      timeout: 10s
      retries: 1
    labels: # Traefik labels added via glueten
      - "deunhealth.restart.on.unhealthy=true"
  # # File Browser - Explorer
  # filebrowser:
  #   image: filebrowser/filebrowser:s6
  #   container_name: filebrowser
  #   security_opt:
  #     - no-new-privileges:true
  #   restart: unless-stopped
  #   profiles: ["frontend"]
  #   networks:
  #     - socket_proxy
  #   ports:
  #     - "81:80"
  #   volumes:
  #     - $DOCKERDIR/appdata/filebrowser:/config
  #     - $EXTDRIVE:/data/media
  #     - $USERDIR:/data/home
  #   environment:
  #     TZ: $TZ
  #     PUID: $PUID
  #     PGID: $PGID
  #   labels:
  #     - "traefik.enable=true"
  #     ## HTTP Routers
  #     - "traefik.http.routers.filebrowser-rtr.entrypoints=https"
  #     - "traefik.http.routers.filebrowser-rtr.rule=Host(`fb.$DOMAINNAME_CLOUD_SERVER`)"
  #     ## Middlewares
  #     - "traefik.http.routers.filebrowser-rtr.middlewares=chain-oauth@file"
  #     ## HTTP Services
  #     - "traefik.http.routers.filebrowser-rtr.service=filebrowser-svc"
  #     - "traefik.http.services.filebrowser-svc.loadbalancer.server.port=80"
  coder:
    # This MUST be stable for our documentation and
    # other automations.
    image: ghcr.io/coder/coder:${CODER_VERSION:-latest}
    container_name: coder
    profiles: ["frontend"]
    networks:
      - socket_proxy
    ports:
      - "7080:7080"
    environment:
      CODER_PG_CONNECTION_URL: "postgresql://${POSTGRES_USER:-username}:${POSTGRES_PASSWORD:-password}@postgre/${POSTGRES_DB:-coder}?sslmode=disable"
      CODER_HTTP_ADDRESS: "0.0.0.0:7080"
      # CODER_VERBOSE=true
      # You'll need to set CODER_ACCESS_URL to an IP or domain
      # that workspaces can reach. This cannot be localhost
      # or 127.0.0.1 for non-Docker templates!
      CODER_ACCESS_URL: "${CODER_ACCESS_URL}"
      # If the coder user does not have write permissions on
      # the docker socket, you can uncomment the following
      # lines and set the group ID to one that has write
      # permissions on the docker socket.
      #group_add:
      #  - "998" # docker group on host
    volumes:
      - $DOCKERDIR/appdata/coder:/home/coder/.config
      #  - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      postgre:
        condition: service_healthy
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.coder-rtr.entrypoints=https"
      - "traefik.http.routers.coder-rtr.rule=Host(`coder.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.coder-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.coder-rtr.service=coder-svc"
      - "traefik.http.services.coder-svc.loadbalancer.server.port=7080"
  pgadmin:
    container_name: pgadmin
    image: dpage/pgadmin4:latest
    profiles: ["db_setup", "frontend"]    
    environment:
     - PGADMIN_DEFAULT_EMAIL=${pgadmin_default_email:[email protected]} 
     - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD:-sfdgsdfgsfdg!} 
    #  - PGADMIN_CONFIG_SERVER_MODE:"False"
     - PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED:"False"
     - SCRIPT_NAME=/pgadmin4 
     - TZ:$TZ
     - CODER_VERBOSE=true
    #  - PUID:$PUID
    #  - PGID:$PGID
    volumes:
      - $DOCKERDIR/appdata/pgadmin:/var/lib/pgadmin
      - ./docker_pgadmin_servers.json:/pgadmin4/servers.json
    networks:
      - socket_proxy
    ports:
      - "15433:80"
    entrypoint:
      - "/bin/sh"
      - "-c"
      - "/bin/echo 'postgres:5432:*:postgres:password' > /tmp/pgpassfile && chmod 600 /tmp/pgpassfile && /entrypoint.sh"
    restart: unless-stopped   
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.pgadmin-rtr.entrypoints=https"
      - "traefik.http.routers.pgadmin-rtr.rule=Host(`data.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.pgadmin-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.pgadmin-rtr.service=pgadmin-svc"
      - "traefik.http.services.pgadmin-svc.loadbalancer.server.port=80"
  postgre:
    container_name: postgre
    image: "postgres:15.3"
    restart: always
    profiles: ["db_setup","frontend"]
    environment:
     - POSTGRES_PASSWORD=${POSTGRES_SU_PASSWORD:-changeme}
    # - POSTGRES_HOST_AUTH_METHOD=trust
    networks:
      - socket_proxy
    volumes:
      - $DOCKERDIR/appdata/postgresql:/var/lib/pgadmin
      - ./docker_pgadmin_servers.json:/pgadmin4/servers.json
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB",
        ]
      interval: 5s
      timeout: 5s
      retries: 5
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
      - "traefik.enable=true"
      # routers
      - "traefik.tcp.routers.postgres.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.postgres.entryPoints=postgres"
      - "traefik.tcp.routers.postgres.service=postgres"
      - "traefil.htcp.routers.postgres.rule=HOST('127.0.0.11')"
      # services (needed for TCP)
      - "traefik.tcp.services.postgres.loadbalancer.server.port=5432"

    # Jellyfin - Media Server
  jellyfin:
    image: jellyfin/jellyfin:latest
    container_name: jellyfin
    networks:
      - socket_proxy
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    user: $PUID:$PGID
    # devices:
    #   - /dev/dri:/dev/dri # for harware transcoding
    ports:
      - "8096:8096"
      # - "8920:8920" # Emby also uses same port if running both
    environment:
      UMASK_SET: 022
      TZ: $TZ
    volumes:
      - $DOCKERDIR/appdata/jellyfin:/config
      - $DATADIR1/downloads:/data/media
      - $EXTDIR1/downloads:/data/downloads
      - /dev/shm:/data/transcode # Offload transcoding to RAM if you have enough RAM
  portainer:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    container_name: portainer
    image: portainer/portainer-ee:latest
    profiles: ["db_setup","frontend"]
    # command: -H unix:///var/run/docker.sock # # Use Docker Socket Proxy instead for improved security
    command: -H tcp://socket-proxy:2375
    networks:
      - socket_proxy
    volumes:
      # - /var/run/docker.sock:/var/run/docker.sock:ro # # Use Docker Socket Proxy instead for improved security
      - $DOCKERDIR/appdata/portainer/data:/data # Change to local directory if you want to save/transfer config locally
    environment:
      - TZ=$TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.portainer-rtr.entrypoints=https"
      - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.portainer-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.portainer-rtr.service=portainer-svc"
      - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
    # WatchTower - Automatic Docker Container Updates
  watchtower:
    image: containrrr/watchtower
    profiles: ["db_setup","frontend"]
    container_name: watchtower
    restart: unless-stopped
    networks:
      - socket_proxy
    depends_on:
      - socket-proxy
    environment:
      TZ: $TZ
      WATCHTOWER_CLEANUP: "true"
      WATCHTOWER_REMOVE_VOLUMES: "true"
      WATCHTOWER_INCLUDE_STOPPED: "true"
      WATCHTOWER_NO_STARTUP_MESSAGE: "false"
      WATCHTOWER_SCHEDULE: "00 30 12 * * *" # Everyday at 12:30
      # WATCHTOWER_NOTIFICATIONS: shoutrrr
      # WATCHTOWER_NOTIFICATION_URL: "telegram://$TGRAM_BOT_TOKEN@telegram?channels=$TGRAM_CHAT_ID"
      # WATCHTOWER_NOTIFICATIONS_LEVEL: info
      DOCKER_HOST: tcp://socket-proxy:2375
      DOCKER_API_VERSION: "1.40"
# Jellyfin - Media Server
  jellyfin:
    <<: *common-keys-media # See EXTENSION FIELDS at the top
    image: jellyfin/jellyfin:latest
    profiles: ["db_setup","frontend"]
    container_name: jellyfin
    devices:
    - /dev/dri:/dev/dri # for harware transcoding
    ports:
      - "$JELLYFIN_PORT:8096"
      - "8920:8920" # Emby also uses same port if running both
    environment:
      <<: *default-tz-puid-pgid
      UMASK_SET: 022
    volumes:
      - $DOCKERDIR/appdata/jellyfin:/config
      - $DATADIR/temp/appdata/jellyfin/metadata:/config/metadata
      - $DATADIR/downloads:/data/downloads
      - $DATADIR1:/data/media
      # - /dev/shm:/data/transcode # Offload transcoding to RAM if you have enough RAM
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.jellyfin-rtr.entrypoints=https"
      - "traefik.http.routers.jellyfin-rtr.rule=Host(`jelly.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.jellyfin-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc"
      - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
  # InfluxDB - Database for sensor data
  influxdb:
    image: influxdb:latest
    container_name: influxdb
    networks:
      socket_proxy:
        ipv4_address: $influxdb_ip
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    environment:
      - LOG-LEVEL=debug
    ports:
      - "8086:8086"
    volumes:
      - $DOCKERDIR/appdata/influxdb2/config:/etc/influxdb2
      - $DOCKERDIR/appdata/influxdb2/db:/var/lib/influxdb2
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.influxdb-rtr.entrypoints=https"
      - "traefik.http.routers.influxdb-rtr.rule=Host(`infl.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.influxdb-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.influxdb-rtr.service=influxdb-svc"
      - "traefik.http.services.influxdb-svc.loadbalancer.server.port=8086"  # Glances - System Information
  glances:
    <<: *common-keys-apps # See EXTENSION FIELDS at the top
    image: nicolargo/glances:latest-full
    container_name: glances
    profiles: ["db_setup","frontend"]
    # privileged: true # Only for VM
    # network_mode: host
    networks:
      - socket_proxy
    ports:
      - "61208:61208"
    pid: host
    volumes:
      - $DOCKERDIR/appdata/glances/glances.conf:/glances/conf/glances.conf # Use this if you want to add a glances.conf file
      - $USERDIR:/data/home:ro
      - /media/data:/data/data:ro
      # - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
    environment:
      GLANCES_OPT: "-C /glances/conf/glances.conf --export influxdb2 -q"
      # GLANCES_OPT: "--export influxdb"
      # GLANCES_OPT: "-w"
      DOCKER_HOST: tcp://socket-proxy:2375
      TZ: $TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.glances-rtr.entrypoints=https"
      - "traefik.http.routers.glances-rtr.rule=Host(`glances.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.glances-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.glances-rtr.service=glances-svc"
      - "traefik.http.services.glances-svc.loadbalancer.server.port=61208"
  node-red:
    image: nodered/node-red:latest
    environment:
      - TZ=$TZ
      - CODER_HTTP_ADDRESS:0.0.00:1880
    ports:
      - "1880:1880"
    profiles: ["db_setup","frontend"]
    container_name: nodered
    networks:
      - socket_proxy
    volumes:
      - $DOCKERDIR/appdata/node-red-data:/data
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.nodered-rtr.entrypoints=https"
      - "traefik.http.routers.nodered-rtr.rule=Host(`nodered.$DOMAINNAME_CLOUD_SERVER`)"
      ## Middlewares
      - "traefik.http.routers.nodered-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.nodered-rtr.service=nodered-svc"
      - "traefik.http.services.nodered-svc.loadbalancer.server.port=1880"