ilteoood / docker-surfshark

Docker container with OpenVPN client preconfigured for SurfShark
MIT License

Configuring with Traefik? #76

Closed xaiyeon closed 8 months ago

xaiyeon commented 1 year ago

I wanted to add a VPN to this docker compose file; the original was already working, so I decided to add surfshark and made the modifications. I was unable to find a solution by asking, or by trying ChatGPT. Ports on the router are open, and the network via traefik and docker is working (I have other services running)...

I'm not able to access the webUI portions as specified in the example; how would I configure to be able to access via Cloudflare-DNS, pi-hole?

I don't get any errors in the docker logs, other than connections from each other service, like sonarr, radarr, etc., not being able to access qbittorrent, etc. Thank you, sir.

Sorry if it takes a bit of your time (I'm at a loss, and have been trying for a day now). What should I change to be able to access the sites again via a domain, e.g. https://sonarrms.mydomain.com/:

version: '3.9'
services:
  # must be used with plex and qbitorrent
  ## automatic
  caddyaqbit:
    build:
      context: .
      dockerfile: ./dockerfiles/caddyaqbitdockerfile
    container_name: caddyaqbit
    restart: always
    #depends_on:
    #  - qbittorrent
    networks:
      - traefik
      - public-torrent2
    network_mode: service:surfshark
    environment:
      - "ACME_AGREE=true"
    labels:
      traefik.enable: true
      traefik.http.middlewares.caddyaqbit-redirect-web-secure.redirectscheme.scheme: https
      traefik.http.routers.caddyaqbit-web.middlewares: caddyqbit-redirect-web-secure
      traefik.http.routers.caddyaqbit-web.rule: Host(`aqbit.$DNAH`)
      traefik.http.routers.caddyaqbit-web.entrypoints: http
      traefik.http.routers.caddyaqbit-web-secure.rule: Host(`aqbit.$DNAH`)
      traefik.http.routers.caddyaqbit-web-secure.tls.certresolver: dns-cloudflare
      traefik.http.routers.caddyaqbit-web-secure.tls: true
      traefik.http.routers.caddyaqbit-web-secure.entrypoints: https

  ## automatic

  surfshark:
    image: ilteoood/docker-surfshark
    container_name: surfshark
    environment:
      - SURFSHARK_USER=$MY_SSHARK_USER
      - SURFSHARK_PASSWORD=$MY_SSHARK_PASS
      #- SURFSHARK_COUNTRY=it
      #- SURFSHARK_CITY=mil
      - CONNECTION_TYPE=udp
      - LAN_NETWORK=
      - OVPN_CONFIGS=/config
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - ./config/prod/surfshark/user_config:/config
      - /etc/localtime:/etc/localtime:ro
    ports: # you specify the ports here used for the other services!
      # - 1080:1080 #if you want to use the SOCKS5 server (not encrypted)
      # MUSE app, for audacity is using port 6882.
      - 8088:8088 # aqbittorrent ui
      - 6883:6881 # aqbittorrent 
      - 6888:6888/tcp # aqbittorrent , old
      - 6888:6888/udp # aqbittorrent , old
      - 6789:6789 # nzbgetms
      - 8989:8989 # sonarrms
      - 7878:7878 # radarrms
      - 9696:9696 # prowlarrms
    restart: unless-stopped
    dns:
      - 1.1.1.1
    networks:
      - traefik
      - public-torrent2

  aqbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: aqbittorrent
    restart: always
    #security_opt:
    #  - no-new-privileges:true
    environment:
      - PUID=1000
      - PGID=1000
      - WEBUI_PORT=8088
      - TZ=$TZ
    #user: "998:998"
    networks:
      - public-torrent2
    # ports:
    #   - 8088:8088
    #   - 6888:6888/tcp
    #   - 6888:6888/udp
    volumes:
      - $APPDATA_PATH/aqbittorrent:/config
      - $STORAGE2_DRIVE_PATH/auto_media2/tor_seeds:/torrents
      - $STORAGE2_DRIVE_PATH/auto_media2/tor_magnets_dl:/downloads
      ## for sonarr
      - $STORAGE2_DRIVE_PATH/auto_media2/tor_show_dl:/show_downloads
      ## for radarr and lidarr
      - $STORAGE2_DRIVE_PATH/auto_media2/tor_movie_dl:/movie_downloads
      - $STORAGE2_DRIVE_PATH/auto_media2/tor_music_dl:/music_downloads
    network_mode: service:surfshark
    depends_on:
      - surfshark
    healthcheck:
      test: curl google.com || exit 1
      interval: 30s
      timeout: 10s
      retries: 3

  caddynzbget:
    build:
      context: .
      dockerfile: ./dockerfiles/caddynzdockerfile
    container_name: caddynzbget
    restart: always
    #depends_on:
    #  - qbittorrent
    networks:
      - traefik
      - public-torrent2
    environment:
      - "ACME_AGREE=true"
    labels:
      traefik.enable: true
      traefik.http.middlewares.caddynzbget-redirect-web-secure.redirectscheme.scheme: https
      traefik.http.routers.caddynzbget-web.middlewares: caddynzbget-redirect-web-secure
      traefik.http.routers.caddynzbget-web.rule: Host(`nzbgetms.$DNAH`)
      traefik.http.routers.caddynzbget-web.entrypoints: http
      traefik.http.routers.caddynzbget-web-secure.rule: Host(`nzbgetms.$DNAH`)
      traefik.http.routers.caddynzbget-web-secure.tls.certresolver: dns-cloudflare
      traefik.http.routers.caddynzbget-web-secure.tls: true
      traefik.http.routers.caddynzbget-web-secure.entrypoints: https

  nzbgetms:
    image: linuxserver/nzbget
    container_name: nzbgetms
    volumes:
      - $APPDATA_PATH/nzbget_shows:/config
      - $STORAGE2_DRIVE_PATH/auto_media2/tor_magnets_dl:/downloads
    restart: always
    networks:
      - public-torrent2
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=$TZ
      - "ACME_AGREE=true"
    # ports:
    #   - 6789:6789
    network_mode: service:surfshark
    depends_on:
      - surfshark

  sonarrms:
    image: linuxserver/sonarr
    container_name: sonarrms
    restart: always
    networks:
      - traefik
      - public-torrent2
    network_mode: service:surfshark
    depends_on:
      - nzbgetms
      - surfshark
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - $APPDATA_PATH/sonarr:/config
      - $STORAGE2_DRIVE_PATH/auto_media2/tor_magnets_dl:/downloads
      - $STORAGE2_DRIVE_PATH/auto_media2/shows:/tv
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=$TZ
      - "ACME_AGREE=true"
    # ports:
    #   - 8989:8989
    labels:
      traefik.enable: true
      traefik.http.middlewares.sonarrms-redirect-web-secure.redirectscheme.scheme: https
      traefik.http.routers.sonarrms-web.middlewares: sonarrms-redirect-web-secure
      traefik.http.routers.sonarrms-web.rule: Host(`sonarrms.$DNAH`)
      traefik.http.routers.sonarrms-web.entrypoints: http
      traefik.http.routers.sonarrms-web-secure.rule: Host(`sonarrms.$DNAH`)
      traefik.http.routers.sonarrms-web-secure.tls.certresolver: dns-cloudflare
      traefik.http.routers.sonarrms-web-secure.tls: true
      traefik.http.routers.sonarrms-web-secure.entrypoints: https
      ## Middlewares
      traefik.http.routers.traefik-rtr.middlewares: middlewares-basic-auth@file

  radarrms:
    image: lscr.io/linuxserver/radarr
    container_name: radarrms
    restart: always
    networks:
      - public-torrent2
      - traefik
    # ports:
    #   - 7878:7878
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=$TZ
      - "ACME_AGREE=true"
    network_mode: service:surfshark
    depends_on:
      - surfshark
      - aqbittorrent
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - $APPDATA_PATH/radarr:/config
      - $STORAGE2_DRIVE_PATH/auto_media2/tor_magnets_dl:/downloads
      - $STORAGE2_DRIVE_PATH/auto_media2/movies:/movies
    labels:
      traefik.enable: true
      traefik.http.middlewares.radarrms-redirect-web-secure.redirectscheme.scheme: https
      traefik.http.routers.radarrms-web.middlewares: radarrms-redirect-web-secure
      traefik.http.routers.radarrms-web.rule: Host(`radarrms.$DNAH`)
      traefik.http.routers.radarrms-web.entrypoints: http
      traefik.http.routers.radarrms-web-secure.rule: Host(`radarrms.$DNAH`)
      traefik.http.routers.radarrms-web-secure.tls.certresolver: dns-cloudflare
      traefik.http.routers.radarrms-web-secure.tls: true
      traefik.http.routers.radarrms-web-secure.entrypoints: https

  ## Popular indexer for all
  prowlarrms:
    image: linuxserver/prowlarr:develop
    container_name: prowlarrms
    restart: always
    networks:
      - public-torrent2
      - traefik
    # ports:
    #   - 9696:9696
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=$TZ
      - "ACME_AGREE=true"
    network_mode: service:surfshark
    depends_on:
      - surfshark
      - aqbittorrent
    volumes:
      - $APPDATA_PATH/prowlarrms:/config
    labels:
      traefik.enable: true
      traefik.http.middlewares.prowlarrms-redirect-web-secure.redirectscheme.scheme: https
      traefik.http.routers.prowlarrms-web.middlewares: prowlarrms-redirect-web-secure
      traefik.http.routers.prowlarrms-web.rule: Host(`prowlarrms.$DNAH`)
      traefik.http.routers.prowlarrms-web.entrypoints: http
      traefik.http.routers.prowlarrms-web-secure.rule: Host(`prowlarrms.$DNAH`)
      traefik.http.routers.prowlarrms-web-secure.tls.certresolver: dns-cloudflare
      traefik.http.routers.prowlarrms-web-secure.tls: true
      traefik.http.routers.prowlarrms-web-secure.entrypoints: https

networks:
  traefik:
    external: true
  public-torrent2:
    external: true

ilteoood commented 1 year ago

You should put the VPN Container in the same network as traefik, and define on the VPN Container the traefik labels. Then, you should move all your containers to be connected to the VPN through the network mode.

xaiyeon commented 1 year ago

Thank you sir! It works

I was trying to get traefik to work with my custom domains, but I am unsure what to do next. I tried adding labels like this:

    labels:
      traefik.enable: true
      traefik.docker.network: traefik
      # for sonarr
      traefik.http.routers.sonarrms-web-secure.entrypoints: https
      traefik.http.routers.sonarrms-web.rule: Host(`sonarrms.$DNAH`)
      traefik.http.routers.sonarrms.service: sonarrms
      traefik.http.services.sonarrms.loadbalancer.server.port: 8989
      traefik.http.routers.sonarrms-web-secure.tls.certresolver: dns-cloudflare

under the VPN service, but I just get a 404 page when trying to visit the URL, although if I go to localhost:8989 the webpage loads fine. Do I have to open ports on my physical router or add something to cloudflare DNS?
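
The arrangement from ilteoood's reply, sketched for one service as an added example (not code from the thread or from the project): the Traefik network and labels sit on the VPN container, one router name carries the rule, entry point, TLS settings and service together, and Sonarr only joins the VPN container's network namespace. The entry point name `https`, the cert resolver `dns-cloudflare` and the external network `traefik` are taken from the compose file posted above and are assumed to exist in the Traefik setup.

```yaml
# Added example. Names of entry point, cert resolver and network are assumed
# to match the Traefik instance, as in the compose file posted in this thread.
services:
  surfshark:
    image: ilteoood/docker-surfshark
    container_name: surfshark
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      - SURFSHARK_USER=$MY_SSHARK_USER
      - SURFSHARK_PASSWORD=$MY_SSHARK_PASS
      - CONNECTION_TYPE=udp
    networks:
      - traefik   # only the VPN container is attached to Traefik's network
    labels:
      traefik.enable: "true"
      traefik.docker.network: traefik
      # Every setting below uses the same router name, "sonarrms". Labels under
      # different router names (sonarrms-web, sonarrms-web-secure, ...) define
      # separate routers, each missing whatever the others hold.
      traefik.http.routers.sonarrms.rule: Host(`sonarrms.$DNAH`)
      traefik.http.routers.sonarrms.entrypoints: https
      traefik.http.routers.sonarrms.tls: "true"
      traefik.http.routers.sonarrms.tls.certresolver: dns-cloudflare
      traefik.http.routers.sonarrms.service: sonarrms
      # Sonarr listens on 8989 inside the shared network namespace, so Traefik
      # reaches it at the VPN container's address on the traefik network.
      traefik.http.services.sonarrms.loadbalancer.server.port: 8989
    restart: unless-stopped

  sonarrms:
    image: linuxserver/sonarr
    container_name: sonarrms
    network_mode: service:surfshark   # shares surfshark's network stack
    depends_on:
      - surfshark
    # No networks:, ports: or Traefik labels here: a container using
    # network_mode: service:... has no network attachment of its own.
    restart: always

networks:
  traefik:
    external: true
```

Each further service behind the VPN gets its own router and service label pair on `surfshark`, with `loadbalancer.server.port` set to that application's listening port.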

ilteoood commented 9 months ago

Sorry, I lost the notification about your reply. Do you still have the same problem?