Authentik Identity Provider

Purpose: Centralized authentication and authorization
Stack: auth
Images: ghcr.io/goauthentik/server:latest
Placement: Manager node (p0)

Components:
- Authentik Server: Web interface and API
- Authentik Worker: Background tasks
- Authentik Redis: Session storage

Key Configuration:

    environment:
      AUTHENTIK_POSTGRESQL__HOST: postgres
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_SECRET_KEY: [SECRET]

Access: https://auth.bitfrost.me

Features:
- SAML/OAuth2/OIDC provider
- User management
- Multi-factor authentication
- Application integration

Basic Authentication Middleware

Purpose: Simple authentication for Traefik dashboard
Implementation: Traefik middleware

Configuration:

    traefik-auth:
      basicAuth:
        users: ["admin:[SECRET]"]

Secret Management

Docker Secrets:
- traefik_cloudflare_api_token: Cloudflare API access

Stored in: /mnt/swarm-data/traefik/cloudflare_api_token
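A check for the secret handling documented above, as an added example rather than configuration from this deployment: it flags credential-named environment variables whose values are set inline instead of pointing at a Docker secret under /run/secrets, and references to secrets the service was never granted. The service names, the `CF_DNS_API_TOKEN_FILE` variable, the `file://` value form and all sample values are assumptions constructed for illustration.

```python
import re

# Heuristic for credential-bearing variable names (an assumption of this example).
SECRET_NAME_RE = re.compile(r"SECRET|PASSWORD|TOKEN|API_KEY|ENCRYPTION_KEY", re.I)
SECRETS_DIR = "/run/secrets/"  # where Swarm mounts Docker secrets inside a container

def is_secret_reference(key, value):
    """True when the value points at a mounted secret instead of containing it."""
    if key.upper().endswith("_FILE"):
        return value.startswith(SECRETS_DIR)
    return value.startswith("file://" + SECRETS_DIR)

def audit_stack(stack):
    """Return sorted (service, variable, problem) findings for a parsed stack file."""
    declared = set(stack.get("secrets", {}))
    findings = []
    for name, svc in stack.get("services", {}).items():
        granted = set(svc.get("secrets", []))
        for key, value in svc.get("environment", {}).items():
            value = str(value)
            if not SECRET_NAME_RE.search(key):
                continue  # not a credential-like variable
            if not is_secret_reference(key, value):
                findings.append((name, key, "secret value set inline"))
                continue
            # A reference is only useful if the secret is declared and granted.
            secret = value.rsplit("/", 1)[-1]
            if secret not in declared or secret not in granted:
                findings.append((name, key, "secret not declared or granted: " + secret))
    return sorted(findings)

# Constructed sample in the dict form a YAML loader would return; service names,
# the *_FILE variable and the file:// value are illustrative assumptions.
SAMPLE_STACK = {
    "secrets": {"traefik_cloudflare_api_token": {"external": True}},
    "services": {
        "traefik": {"secrets": ["traefik_cloudflare_api_token"], "environment": {
            "CF_DNS_API_TOKEN_FILE": "/run/secrets/traefik_cloudflare_api_token"}},
        "authentik_server": {"environment": {
            "AUTHENTIK_POSTGRESQL__HOST": "postgres",
            "AUTHENTIK_SECRET_KEY": "constructed-inline-value"}},
        "authentik_worker": {"environment": {
            "AUTHENTIK_SECRET_KEY": "file:///run/secrets/authentik_secret_key"}},
    },
}

if __name__ == "__main__":
    print(*audit_stack(SAMPLE_STACK), sep="\n")
```

The function expects `environment` in mapping form; a stack file that uses the `KEY=value` list form needs converting first.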

Nextcloud (File Sync and Storage)

Purpose: File synchronization and collaboration
Stack: nextcloud
Image: nextcloud:latest
Placement: Manager node (p0)

Components:
- Nextcloud: Main application
- Redis: Application caching

Key Configuration:

    environment:
      POSTGRES_HOST: postgres
      POSTGRES_DB: nextcloud
      REDIS_HOST: redis
      NEXTCLOUD_TRUSTED_DOMAINS: "10.0.4.11,nextcloud.bitfrost.me"

Access: https://nextcloud.bitfrost.me

Storage: /mnt/swarm-data/nextcloud/data

Paperless-NGX (Document Management)

Purpose: Document scanning, OCR, and organization
Stack: paperless
Image: ghcr.io/paperless-ngx/paperless-ngx:latest
Placement: Manager node (p0)

Components:
- Paperless Webserver: Main application
- Paperless Redis: Task queue

Key Configuration:

    environment:
      PAPERLESS_DBHOST: postgres
      PAPERLESS_REDIS: redis://paperless_redis:6379
      PAPERLESS_OCR_LANGUAGE: eng
      PAPERLESS_URL: https://docs.bitfrost.me

Access: https://docs.bitfrost.me

Uptime Kuma (Service Monitoring)

Purpose: Website and service uptime monitoring
Stack: uptime
Image: louislam/uptime-kuma:latest
Placement: Manager node (p0)

Key Configuration:

    environment:
      TZ: America/New_York
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

Access: https://status.bitfrost.me

Features:
- HTTP/HTTPS monitoring
- Docker container monitoring
- Status page generation
- Alert notifications

Storage: /mnt/swarm-data/uptime-kuma

Homarr (Dashboard)

Purpose: Centralized application dashboard
Stack: homarr
Image: ghcr.io/homarr-labs/homarr:latest
Placement: Manager node (p0)

Key Configuration:

    environment:
      SECRET_ENCRYPTION_KEY: [SECRET]
    volumes:
      - /mnt/swarm-data/homarr/configs:/app/data/configs
      - /var/run/docker.sock:/var/run/docker.sock:ro

Access: https://home.bitfrost.me

Features:
- Application shortcuts
- Service status widgets
- Docker integration
- Customizable layout

Adminer (Database Administration)

Purpose: Web-based database management
Stack: adminer
Image: adminer:latest
Placement: Manager node (p0)

Taylor’s Tracker (Production/Development)

Purpose: Custom web application
Stack: tracker-prod (production), tracker-dev (development)
Image: nginx:alpine
Placement: Worker nodes (3 replicas for production)

Production Configuration:

    replicas: 3
    placement:
      constraints: [node.role == worker]
    volumes:
      - /mnt/swarm-data/webservers/production/nginx/nginx.conf
      - /mnt/swarm-data/webfiles/production/taylors-development

Development Configuration:

    ports: ["8181:80"]
    volumes:
      - /mnt/swarm-data/webservers/testing/nginx/nginx.conf
      - /mnt/swarm-data/webfiles/testing/taylors-development

Access:
- Production: https://tracker.bitfrost.me
- Development: http://[node-ip]:8181

Nginx Configuration Patterns

Standard Nginx Setup:

    volumes:
      # Main configuration
      - nginx.conf:/etc/nginx/nginx.conf:ro
      # Virtual host configuration
      - default.conf:/etc/nginx/conf.d/default.conf:ro
      # Web content
      - web-content:/usr/share/nginx/html:ro

Environment Separation:
- Production: /mnt/swarm-data/webservers/production/
- Testing: /mnt/swarm-data/webservers/testing/
- Web Files: Separate directory structure for content

Critical Path Dependencies:
- PostgreSQL → Authentik, Paperless, Vikunja, Nextcloud
- MariaDB → BookStack
- Traefik → All web services (SSL termination)
- Authentik → Services requiring authentication

Startup Recommendations:
1. Deploy infrastructure stack (Traefik, databases)
2. Deploy authentication stack (Authentik)
3. Deploy application stacks
4. Deploy monitoring and management tools

Health Check Patterns: Most services include automatic health checks and restart policies:

    deploy:
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3

Traefik (Reverse Proxy)

Purpose: SSL termination, routing, and load balancing
Stack: traefik
Image: traefik:v3.5
Placement: Manager node (p0)

Key Configuration:

    command:
      - --api.dashboard=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.swarm=true
      - --certificatesresolvers.cloudflare.acme.dnschallenge=true

Features:
- Automatic service discovery
- Cloudflare DNS challenge for SSL
- HTTP to HTTPS redirection
- Dashboard at port 8081

Storage Requirements:
- SSL certificates: /mnt/swarm-data/traefik/certificates
- Dynamic configuration: /mnt/swarm-data/traefik/dynamic

Portainer (Container Management)

Purpose: Docker Swarm management interface
Stack: portainer
Image: portainer/portainer-ce:latest
Placement: Manager node (p0)

Architecture:
- Server: Single instance on manager node
- Agents: Global deployment on all nodes

Key Configuration: