Traefik (Reverse Proxy)
Purpose: SSL termination, routing, and load balancingStack: traefikImage: traefik:v3.5Placement: Manager node (p0)
Key Configuration:
command:
- --api.dashboard=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.swarm=true
- --certificatesresolvers.cloudflare.acme.dnschallenge=true
Features:
- Automatic service discovery
- Cloudflare DNS challenge for SSL
- HTTP to HTTPS redirection
- Dashboard at port 8081
Storage Requirements:
- SSL certificates:
/mnt/swarm-data/traefik/certificates - Dynamic configuration:
/mnt/swarm-data/traefik/dynamic
Portainer (Container Management)
Purpose: Docker Swarm management interfaceStack: portainerImage: portainer/portainer-ce:latestPlacement: Manager node (p0)
Architecture:
- Server: Single instance on manager node
- Agents: Global deployment on all nodes
Key Configuration:
command: -H tcp://tasks.agent:9001 --tlsskipverify
networks: [portainer_portainer_agent]
Access:https://portainer.bitfrost.me
Features:
- Complete swarm management
- Stack deployment
- Service monitoring
- Volume management
PostgreSQL (Primary Database)
Purpose: Primary relational databaseStack: postgresql17Image: postgres:17Placement: Manager node (p0)
Databases Hosted:
- authentik: User authentication
- paperless: Document management
- vikunja: Task management
- nextcloud: File metadata
Key Configuration:
environment:
POSTGRES_USER: admin
POSTGRES_PASSWORD: [SECRET]
ports: ["5432:5432"]
Clients:
# Standard connection pattern
POSTGRES_HOST: postgres
POSTGRES_USER: admin
POSTGRES_PASSWORD: [SECRET]
MariaDB (Secondary Database)
Purpose: BookStack wiki databaseStack: mariadbImage: lscr.io/linuxserver/mariadb:latestPlacement: Manager node (p0)
Key Configuration:
environment:
MYSQL_ROOT_PASSWORD: [SECRET]
MYSQL_USER: admin
PUID: 1000
PGID: 1000
Database: bookstackappPort: 3306 (externally accessible)