services: caddy: build: context: ./caddy-labeled dockerfile: Dockerfile container_name: caddy restart: unless-stopped ports: - "80:80" - "443:443" - "443:443/udp" # HTTP/3 environment: - CADDY_INGRESS_NETWORKS=proxy - CF_API_TOKEN=${CF_API_TOKEN} volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - caddy_data:/data - ./Caddyfile:/etc/caddy/Caddyfile:ro networks: [proxy] command: ["caddy","docker-proxy","--docker-sockets","unix:///var/run/docker.sock"] tinyauth: image: ghcr.io/steveiliop56/tinyauth:v3 container_name: tinyauth restart: unless-stopped environment: - LOG_LEVEL=2 - APP_URL=https://auth.realy.nothing.help - SECRET=${TINYAUTH_SECRET} - USERS=${TINYAUTH_USERS} - COOKIE_SECURE=true - DISABLE_CONTINUE=true - APP_TITLE="Оставь надежду, всяк сюда входящий..." - FORGOT_PASSWORD_MESSAGE="Штош, сочувствую, но нчием помочь не могу." expose: ["3000"] networks: [proxy] labels: caddy: auth.realy.nothing.help caddy.encode: zstd gzip caddy.reverse_proxy: "{{upstreams 3000}}" portainer: image: portainer/portainer-ce:latest container_name: portainer restart: always expose: - "9000" # HTTP UI внутрь докера - "8000" # Edge (если нужен: лучше через NetBird; иначе публикуйте отдельно с FW) volumes: - /var/run/docker.sock:/var/run/docker.sock - portainer_data:/data networks: [proxy] labels: caddy: port.realy.nothing.help caddy.encode: zstd gzip caddy.import: tinyauth_forwarder caddy.reverse_proxy: "{{upstreams 9000}}" volumes: caddy_data: portainer_data: networks: proxy: external: true