nerdlicht/docker-container
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add haus, bit.ly, huly. beszel, portracker

Browse Source
This commit is contained in:
Sönke Domröse
2025-08-28 22:07:45 +02:00
parent 88e69950e0
commit bdc93829f1
11 changed files with 338 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
portracker/Caddyfilepart
View File

@@ -0,0 +1,5 @@
portracker.domr.ovh,
portracker.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4999
}

121
portracker/docker-compose.yml
View File

@@ -0,0 +1,121 @@
services:
portracker:
image: mostafawahied/portracker:latest
container_name: portracker
restart: unless-stopped
# Required for comprehensive system port detection
# This allows Portracker to see all host processes for accurate port mapping
pid: "host"
# Capabilities & security (universal, required)
# - SYS_PTRACE enables reading other processes' /proc entries on Linux hosts
# - SYS_ADMIN enables namespace entry on Docker Desktop (macOS/Windows)
# - apparmor:unconfined disables AppArmor restrictions that may block /proc access
cap_add:
- SYS_PTRACE
- SYS_ADMIN
security_opt:
- apparmor:unconfined
volumes:
# Required: Data persistence for SQLite database
- /home/soenke/docker-data/portracker/portracker-data:/data
# Required: Docker socket access for container discovery
# Comment out if using docker-proxy setup below
- /var/run/docker.sock:/var/run/docker.sock:ro
# Advanced: Host filesystem access (usually not needed with pid: "host")
# Uncomment only if you experience issues with port detection
# - /proc:/host/proc:ro
# - /sys/fs/cgroup:/host/sys/fs/cgroup:ro
ports:
- "4999:4999"
environment:
# CORE CONFIGURATION (Required)
- DATABASE_PATH=/data/portracker.db
- PORT=4999
# Tell Portracker where to find the host /proc (matches the volume above)
- HOST_PROC=/host/proc
# DOCKER CONFIGURATION
# Uncomment to use with docker-proxy for enhanced security
# - DOCKER_HOST=tcp://docker-proxy:2375
# TRUENAS INTEGRATION (Optional)
# Uncomment and set your API key for enhanced TrueNAS features:
# - VM discovery and monitoring
# - Enhanced system information
# - TrueNAS-specific optimizations
# - TRUENAS_API_KEY=your-api-key-here
# PERFORMANCE SETTINGS (Optional)
# Cache duration - increase for better performance, decrease for fresher data
# - CACHE_TIMEOUT_MS=60000
# Disable caching entirely (not recommended for production)
# - DISABLE_CACHE=true
# ADVANCED PORT SCANNING (Optional)
# Include UDP ports in scans (may increase noise and impact performance)
# - INCLUDE_UDP=true
# DEVELOPMENT & DEBUGGING (Optional)
# Enable verbose logging for troubleshooting
# - DEBUG=true
# Optional: Health check for monitoring
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:4999/api/health"]
interval: 30s
timeout: 10s
start_period: 30s
retries: 3
# OPTIONAL: Enhanced Security with Docker Socket Proxy
# Uncomment the entire section below for additional Docker socket security
# This adds a proxy layer between Portracker and the Docker socket
# docker-proxy:
# image: tecnativa/docker-socket-proxy:latest
# container_name: portracker-docker-proxy
# restart: unless-stopped
# environment:
# # Only allow read operations Portracker needs
# - CONTAINERS=1
# - IMAGES=1
# - INFO=1
# - NETWORKS=1
# # Disable write operations for security
# - POST=0
# - BUILD=0
# - COMMIT=0
# - EXEC=0
# - SWARM=0
# - EVENTS=0
# - VOLUMES=0
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock:ro
# ports:
# - "2375:2375"
# When using docker-proxy:
# 1. Uncomment the entire docker-proxy service above
# 2. Comment out the /var/run/docker.sock volume mount in portracker service
# 3. Uncomment the DOCKER_HOST environment variable in portracker service
# 4. Add depends_on to portracker service:
# depends_on:
# - docker-proxy
# Optional: Custom networks for isolation
# networks:
# portracker:
# driver: bridge
# Optional: Named volumes for better data management
# volumes:
# portracker-data:
# driver: local