{"id":15136206,"url":"https://github.com/crasoke/get-traefiked","last_synced_at":"2026-03-07T20:04:51.459Z","repository":{"id":237320446,"uuid":"794284883","full_name":"crasoke/get-traefiked","owner":"crasoke","description":"All in one compose file for multiple services with traefik as reverse proxy","archived":false,"fork":false,"pushed_at":"2025-05-11T14:41:55.000Z","size":15,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-25T06:43:11.917Z","etag":null,"topics":["bitwarden","crowdsec","docker-compose","nextcloud","traefik","wireguard"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crasoke.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-04-30T20:21:21.000Z","updated_at":"2025-05-11T14:43:50.000Z","dependencies_parsed_at":"2024-05-04T23:21:47.453Z","dependency_job_id":"d11679ab-ce52-48af-868b-8fefa890b4b9","html_url":"https://github.com/crasoke/get-traefiked","commit_stats":null,"previous_names":["crasoke/docker-traefik-nextcloud-vaultwarden"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/crasoke/get-traefiked","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crasoke%2Fget-traefiked","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crasoke%2Fget-traefiked/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crasoke%2Fget-traefiked/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crasoke%2Fget-traefiked/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crasoke","download_url":"https://codeload.github.com/crasoke/get-traefiked/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crasoke%2Fget-traefiked/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30229590,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T19:01:10.287Z","status":"ssl_error","status_checked_at":"2026-03-07T18:59:58.103Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bitwarden","crowdsec","docker-compose","nextcloud","traefik","wireguard"],"created_at":"2024-09-26T06:04:32.857Z","updated_at":"2026-03-07T20:04:51.434Z","avatar_url":"https://github.com/crasoke.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Get TRAEFIKed\n\nThis project provides a `docker-compose` file for setting up a server with:\n\n- [Nextcloud](https://nextcloud.com/)\n- [Vaultwarden](https://github.com/dani-garcia/vaultwarden)\n- [Wireguard](https://github.com/wg-easy/wg-easy)\n- your custom Blog, for example, using [Hugo](https://gohugo.io/)\n\nAll those services are behind a [Traefik](https://traefik.io/) reverse proxy, as well as all public accessible sites are using [Crowdsec](https://www.crowdsec.net/) as IPS system.\n\n## Requirements\n\n- Docker\n- Docker Compose\n\n## Quickstart\n\n1. Insert the necessary A Records in your Domain DNS configuration ([more information](https://www.cloudflare.com/learning/dns/dns-records/dns-a-record/)), for example:\n\n| Subdomain               | Record Type | Value       | TTL   |\n|-------------------------|-------------|-------------|-------|\n| @ (example.com)         | A           | 8.8.8.8     | 14400 |\n| cloud.example.com       | A           | 8.8.8.8     | 14400 |\n| bitwarden.example.com   | A           | 8.8.8.8     | 14400 |\n| wg.example.com          | A           | 8.8.8.8     | 14400 |\n2. Create a [Crowdsec](https://www.crowdsec.net/) account \n3. Log into the [Crowdsec console](https://app.crowdsec.net), copy the [enrollment key](https://docs.crowdsec.net/u/getting_started/post_installation/console/#engines-page) and insert it into the [.env](.env) file (`CROWDSEC_ENROLL_KEY=...`).\n4. Now generate the crowdsec API key for the LAPI. ([more info](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin))\n   ```bash\n   docker compose up -d crowdsec\n   docker exec crowdsec cscli bouncers add crowdsecBouncer\n   docker compose down crowdsec\n   ```\n   Insert the generated key into the [.env](.env) file (`CROWDSEC_LAPI_KEY=...`).\n\n\n4. Fill in the rest of the information in the [.env](.env) file. An example is provided in the [.env.example](.env.example) file (consider adding your public IP to the IPALLOWLIST for setting up):\n   ```bash\n   EMAIL=max.mustermann@example.com\n   DOMAIN=example.com\n   VAULTWARDEN_ADMIN_PASSWORD=KDEcaaGUd9kCjmN623U2PMWjUwUqNrLJ\n   MYSQL_ROOT_PASSWORD=RJnLKLWVT6uCGrVxqzc4bfew2CVUSDP7\n   MYSQL_PASSWORD=coahwpXuLTRYhbrJY2UVqgrPri9hLJnE\n   WG_PASSWORD=b2rVHQmvgaNHQDY9jNfRrbzVWKCLDQHy\n   IPALLOWLIST=172.16.0.0/12\n   CROWDSEC_LAPI_KEY=2abpGRXqQnq8KSaHgfFtdV/CnVVvWmU8cCZ2CDhgJZH\n   CROWDSEC_ENROLL_KEY=gxyc3igakixgge23ei3bo4f6i\n   ```\n5. Insert your custom static blog/website in the [blog](data/blog/) folder, for example, using [Hugo](https://gohugo.io/).\n6. Run the following command to start the services:\n   ```bash\n   docker-compose up -d\n   ```\n\n## Subdomain Map\n\n- running the compose file, will spin up the following subdomains\n\n| Subdomain                        | Service                   | Externally Reachable                                                   |\n|----------------------------------|---------------------------|------------------------------------------------------------------------|\n| `cloud.\u003cyour domain\u003e`            | Nextcloud                 | No (except shared links via `/s/`)                                     |\n| `bitwarden.\u003cyour domain\u003e`        | Vaultwarden (Bitwarden)   | Yes (except admin interface at `/admin`)                               |\n| `wg.\u003cyour domain\u003e`               | WireGuard VPN             | No (web interface not reachable, but VPN port is exposed externally)   |\n| `\u003cyour domain\u003e`                  | Blog                      | Yes                                                                    |\n\n## Services\n\n- besides the services in the `docker-compose` file, the project has the file [examples.yml](examples.yml) which has some configuration for other services:\n   - [OpenProject](https://www.openproject.org/)\n   - TODO\n- for them to run, just copy the service you want to run, and insert it in the `docker-compose` file (and if necessary add additional env vars)\n\n## Remarks\n\n- For testing, uncomment `--log.level=DEBUG` and `--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory` lines in the docker-compose file. This is useful for debugging and because Let's Encrypt has a rate limit of 50 certificate requests per week. [more about rate limits here](https://letsencrypt.org/docs/rate-limits/).\n- For the initial configuration of Vaultwarden, Wireguard and Nextcloud, it is recommended to change the `IPALLOWLIST` environment var to your public IP address (from where you SSH into) and then change it back after the configuration is complete.\n- Consider disabling signups in Vaultwarden after creating your account by setting `\"signups_allowed\": false` in the `data/vaultwarden/config.json` or visiting the admin page (`bitwarden.\u003cyour_domain\u003e/admin`).\n- right now traefik uses the HTTP challange for certificate validation ([more info](https://letsencrypt.org/docs/challenge-types/)), in case you want to change it to another challange (for example if you want to have wildcard certificates), look [here](https://doc.traefik.io/traefik/https/acme/).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrasoke%2Fget-traefiked","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrasoke%2Fget-traefiked","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrasoke%2Fget-traefiked/lists"}