-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose-with-proxy.yml
150 lines (140 loc) · 4.9 KB
/
docker-compose-with-proxy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
version: "3.8"
#======================================================================================================================
# Restart policy.
#======================================================================================================================
x-restart: &restart
restart: unless-stopped
#======================================================================================================================
# Environment variables shared with each container.
#======================================================================================================================
x-common-env: &common
TZ: ${TIMEZONE}
#======================================================================================================================
# Unbound environment variables.
# - commented variables contain Unbound's default values
# - uncommented variables are my suggested overrides
#======================================================================================================================
x-unbound-env: &unbound
BF_UNBOUND_ENABLE_DNSSEC: 1
#BF_UNBOUND_AGGRESSIVE_NSEC: yes
#BF_UNBOUND_CACHE_MAX_TTL: 86400
BF_UNBOUND_CACHE_MIN_TTL: 3600
BF_UNBOUND_DENY_ANY: yes
#BF_UNBOUND_DO_IP4: yes
BF_UNBOUND_DO_IP6: no
#BF_UNBOUND_DO_NOT_QUERY_LOCALHOST: yes
#BF_UNBOUND_DO_TCP: yes
#BF_UNBOUND_DO_UDP: yes
#BF_UNBOUND_EDNS_BUFFER_SIZE: 1232
#BF_UNBOUND_EXTENDED_STATISTICS: no
BF_UNBOUND_HARDEN_ALGO_DOWNGRADE: yes
BF_UNBOUND_HARDEN_BELOW_NXDOMAIN: yes
BF_UNBOUND_HARDEN_DNS_STRIPPED: yes
#BF_UNBOUND_HARDEN_GLUE: yes
BF_UNBOUND_HARDEN_LARGE_QUERIES: yes
#BF_UNBOUND_HARDEN_SHORT_BUFSIZE: yes
BF_UNBOUND_HARDEN_UNKNOWN_ADDITIONAL: yes
BF_UNBOUND_HIDE_HTTP_USER_AGENT: yes
BF_UNBOUND_HIDE_IDENTITY: yes
BF_UNBOUND_HIDE_VERSION: yes
#BF_UNBOUND_INCOMING_NUM_TCP: 10
#BF_UNBOUND_INTERFACE_AUTOMATIC: no
#BF_UNBOUND_MAX_UDP_SIZE: 4096
#BF_UNBOUND_MINIMAL_RESPONSES: yes
#BF_UNBOUND_NUM_THREADS: 1
#BF_UNBOUND_OUTGOING_NUM_TCP: 10
#BF_UNBOUND_PREFER_IP4: no
#BF_UNBOUND_PREFER_IP6: no
BF_UNBOUND_PREFETCH_KEY: yes
BF_UNBOUND_PREFETCH: yes
BF_UNBOUND_PRIVATE_ADDRESS_ENABLE: 1
#BF_UNBOUND_QNAME_MINIMISATION: yes
#BF_UNBOUND_SHM_ENABLE: no
#BF_UNBOUND_SHM_KEY: 11777
#BF_UNBOUND_SO_RCVBUF: 0
#BF_UNBOUND_SO_SNDBUF: 0
#BF_UNBOUND_STATISTICS_CUMULATIVE: no
#BF_UNBOUND_STATISTICS_INHIBIT_ZERO: yes
#BF_UNBOUND_STATISTICS_INTERVAL: 0
BF_UNBOUND_USE_CAPS_FOR_ID: yes
#BF_UNBOUND_VERBOSITY: 1
#======================================================================================================================
# Pi-hole environment variables.
#======================================================================================================================
x-pihole-env: &pihole
PIHOLE_DNS_: unbound;unbound-backup
VIRTUAL_HOST: ${PIHOLE_HOST_NAME}
WEBPASSWORD: ${PIHOLE_ADMIN_PASSWORD}
#======================================================================================================================
# Proxy server environment variables.
#======================================================================================================================
x-proxy-env: &proxy
PROXY_AUTO_PRIMARY: ${PIHOLE_DOMAIN}
PROXY_AUTO_UPSTREAM: http://pihole
PROXY_DOMAIN: ${PROXY_DOMAIN}
PROXY_LETS_ENCRYPT_EMAIL: ${PROXY_LETS_ENCRYPT_EMAIL}
PROXY_LETS_ENCRYPT_LIVE: ${PROXY_LETS_ENCRYPT_LIVE}
#======================================================================================================================
# Service definitions.
#======================================================================================================================
services:
unbound:
image: bfren/unbound:latest
container_name: unbound
<<: *restart
environment:
<<: [*common, *unbound]
networks:
dns:
ipv4_address: ${IP_RANGE}.2
unbound-backup:
image: bfren/unbound:${BF_UNBOUND_PIN} # suggest updating this pinned version manually after each release
container_name: unbound-backup
<<: *restart
environment:
<<: [*common, *unbound]
networks:
dns:
ipv4_address: ${IP_RANGE}.200
pihole:
image: pihole/pihole:latest
container_name: pihole
depends_on:
- unbound
- unbound-backup
<<: *restart
ports:
- "53:53/tcp"
- "53:53/udp"
environment:
<<: [*common, *pihole]
volumes:
- ./v/pihole:/etc/pihole
- ./v/dnsmasq:/etc/dnsmasq.d
networks:
dns:
ipv4_address: ${IP_RANGE}.3
proxy:
image: bfren/nginx-proxy:7
container_name: proxy
depends_on:
- pihole
<<: *restart
ports:
- "80:80"
- "443:443"
environment:
<<: [*common, *proxy]
volumes:
- ./v/sites:/sites
- ./v/ssl:/ssl
networks:
dns:
ipv4_address: ${IP_RANGE}.4
networks:
dns:
name: dns
ipam:
driver: default
config:
- subnet: ${IP_RANGE}.0/16