Yes of course, everyone was very helpful to me here, so I hope to do the same. I actually run audiobookshelf as well; caddy allows you to serve it over https so your users don’t get a scary “insecure” warning. Here’s an example:
wallaby-gopher is my tailnet name; you can choose anything you want in front of it. For example, I used books for my audiobookshelf server. Some other things will have to change depending on your hardware; for example, jellyfin won’t use nvidia on a rpi. I removed the auth key, and you can just approve the new machines via the links from caddy’s container logs.
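configs:
  # Inline Caddyfile, mounted into the caddy service at /etc/caddy/Caddyfile.
  # The global block points the caddy-tailscale plugin at /tailscale for its node state.
  # Each site uses `bind tailscale/<name>`, so (per the plugin) it is served from its own
  # tailnet node rather than from a host port; who can reach it is then a matter of the
  # tailnet's access rules, not of anything in this file.
  # Every reverse_proxy upstream is plain HTTP: three go to containers by service name,
  # nextcloud goes through the host gateway to port 11000.
  Caddyfile:
    content: |
      {
        tailscale {
          state_dir /tailscale
        }
      }
      https://jellyfin.wallaby-gopher.ts.net {
        bind tailscale/jellyfin
        reverse_proxy jellyfin:8096
      }
      https://nextcloud.wallaby-gopher.ts.net {
        bind tailscale/nextcloud
        reverse_proxy host.docker.internal:11000
      }
      https://collabora.wallaby-gopher.ts.net {
        bind tailscale/collabora
        reverse_proxy collabora:9980
      }
      https://books.wallaby-gopher.ts.net {
        bind tailscale/books
        reverse_proxy audiobookshelf:80
      }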
volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed
  # caddy/tailscale state: `caddy` is mounted at /data and `tailscale` at /tailscale,
  # the state_dir named in the Caddyfile. Presumably these hold certificates and the
  # tailnet node identity, so handle backups of them like secrets - TODO confirm.
  caddy: {}
  tailscale: {}
  # jellyfin config and cache
  jellyconfig: {}
  jellycache: {}
  # audiobookshelf config and metadata
  audioc: {}
  audiom: {}
  # email: thunderbird profile and protonmail bridge state
  thunderbird: {}
  protonmail: {}
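services:
  # NOTE(review): no image below carries a tag or digest, so each pull takes whatever the
  # registry currently serves as the default tag. Pin versions if you want repeatable deploys.

  #for local emails
  # NOTE(review): 5800 is published on every host interface and nothing here sets a password
  # for the web UI - check the image's own settings, or publish as "127.0.0.1:5800:5800"
  # if only the host itself needs it.
  thunderbird:
    image: jlesage/thunderbird
    ports:
      - "5800:5800"
    volumes:
      - thunderbird:/config:rw
    restart: unless-stopped

  #for thunderbird to get protonmail
  # NOTE(review): both mail ports are published on all host interfaces. If the thunderbird
  # container is the only client it can presumably reach this service by name over the
  # compose network, which would make the published ports optional - verify.
  protonmail-bridge:
    image: shenxn/protonmail-bridge
    ports:
      - "1025:25/tcp"
      - "1143:143/tcp"
    restart: unless-stopped
    volumes:
      # bridge state; presumably includes the logged-in account's session - treat as sensitive
      - protonmail:/root

  # No ports published: jellyfin is reached through caddy (reverse_proxy jellyfin:8096).
  jellyfin:
    image: jellyfin/jellyfin
    user: "1000:1000"
    volumes:
      #- /media/server/server/jellyfin-server/config:/config
      - jellyconfig:/config
      #- /media/server/server/jellyfin-server/cache:/cache
      - jellycache:/cache
      # ro means read only, we don't want jellyfin accidentally deleting our files
      - "/media/16d1/Shows and Movies/Movies:/Movies:ro"
      - "/media/16d1/Shows and Movies/Shows:/Shows:ro"
      #- /media/16tb/Books:/Books:ro
      - /home/drm/Music:/music:ro
    restart: unless-stopped
    # GPU access; hardware dependent (see the note about rpi above the listing)
    runtime: nvidia
    deploy:
      resources:
        reservations:
          devices:
            - capabilities: [gpu]
    depends_on:
      - caddy

  #audiobooks, does better than Kavita for ebooks too
  # No ports published: reached through caddy (reverse_proxy audiobookshelf:80).
  # Unlike jellyfin's media, the two library mounts are read-write; add :ro if the
  # server never needs to write into them.
  audiobookshelf:
    image: ghcr.io/advplyr/audiobookshelf
    volumes:
      - /media/16d1/Books/Audiobooks:/audiobooks
      - /media/16d1/Books:/books
      #- </path/to/podcasts>:/podcasts
      - audioc:/config
      - audiom:/metadata
    environment:
      - TZ=America/Chicago
    restart: unless-stopped

  # Caddy built with the caddy-tailscale plugin.
  # NOTE(review): `xcaddy build latest` and the unversioned --with module mean every rebuild
  # can pull different code. For reproducible builds pin both: a Caddy version in place of
  # `latest`, and `github.com/tailscale/caddy-tailscale@<version>` after --with.
  caddy:
    build:
      dockerfile_inline: |
        FROM caddy:2-builder AS builder
        RUN xcaddy build latest \
            --with github.com/tailscale/caddy-tailscale
        FROM caddy:2
        COPY --from=builder /usr/bin/caddy /usr/bin/caddy
    hostname: caddy
    container_name: "caddy"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # NOTE(review): every site in the Caddyfile binds to a tailscale listener, so it is not
    # clear these host ports are needed - confirm before leaving them published.
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - caddy:/data
      - tailscale:/tailscale
    configs:
      - source: Caddyfile
        target: /etc/caddy/Caddyfile
    restart: unless-stopped

  #nextcloud
  nextcloud:
    image: nextcloud/all-in-one
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      # The Docker socket lets this container drive the Docker daemon on the host. The :ro flag
      # only makes the socket file read-only; it does not limit the API calls sent through it.
      # AIO needs the socket to manage its containers, so treat this container as host-privileged.
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    # NOTE(review): 8080 (the AIO interface) is published on all host interfaces; restrict it
    # with a host address prefix or a firewall if it should not be reachable from the LAN.
    ports:
      - "8080:8080"
    environment: # Is needed when using any of the options below
      # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
      #- SKIP_DOMAIN_VALIDATION=true #might not be helping?
      - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # NOTE(review): 0.0.0.0 makes port 11000 listen on every host interface, so it can be
      # reached without going through caddy unless a firewall blocks it. caddy gets to it via
      # host.docker.internal, so check reverse-proxy.md before narrowing the binding.
      - APACHE_IP_BINDING=0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # - BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
      - NEXTCLOUD_UPLOAD_LIMIT=1G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      - NEXTCLOUD_MEMORY_LIMIT=1024M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
      - TALK_PORT=3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
      # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
    depends_on:
      - caddy

  #for nextcloud office to work
  collabora:
    image: collabora/code
    container_name: collaborac
    restart: unless-stopped
    # NOTE(review): with ssl.enable=false below, this container speaks plain HTTP and relies on
    # caddy for TLS. Publishing 9980 on the host also makes that plain-HTTP port reachable
    # without going through caddy; drop or restrict it if caddy is the only intended path.
    ports:
      - "9980:9980"
    environment: #--o:security.capabilities=false did not help with phone backspace either
      - username=admin
      # The admin password is read from the environment or an .env file next to this compose
      # file instead of being written here; compose refuses to start while it is unset.
      # The variable name is only an example.
      - "password=${COLLABORA_ADMIN_PASSWORD:?set COLLABORA_ADMIN_PASSWORD in .env}"
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
      #- dictionaries=en
    # SYS_ADMIN is a very broad capability; keep it only if the permission issue mentioned
    # below actually shows up without it.
    cap_add: #- SYS_ADMIN sometimes needed due to permission issue, - CHOWN no difference?
      - MKNOD
      - SYS_ADMIN
    #tty: true
    depends_on:
      - nextcloud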