infra/ha-proxy/docker-compose.yml
Mannu 4fc7893d28 Add Home Assistant (home box) + ha-proxy (Hetzner/Dokploy) stacks
- home-assistant/: HA Core + matter-server, host networking (home box, not Dokploy)
- ha-proxy/: nginx reverse-proxy, ha.manohargupta.com -> home HA over Tailscale
- dual-homed (dokploy-network ingress + bridge egress), mirrors n8n pattern
2026-06-11 10:26:45 +05:30


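# ============================================================================
# ha-proxy -- ha.manohargupta.com (runs on HETZNER via DOKPLOY)
# ----------------------------------------------------------------------------
# Home Assistant runs at HOME. This stack is ONLY a reverse-proxy bridge:
#
# Browser --TLS--> Traefik (Hetzner) --> ha-proxy (nginx) --tailnet--> HA @ home
#
# WHY nginx and not a plain Traefik route to the home IP:
# - Traefik (Dokploy's) sits on the dokploy-network swarm OVERLAY, which can't
#   cleanly egress to a tailnet peer. nginx here is dual-homed: it takes
#   ingress from Traefik on dokploy-network, and egresses to the home box
#   over a local BRIDGE network (ha_egress) whose gateway is the Hetzner host
#   -- the host then routes to tailscale0. This is the same dokploy-network +
#   bridge pattern your n8n stack already uses successfully.
# - nginx also handles the WebSocket upgrade HA's frontend depends on.
#
# RAM cost on Hetzner: ~10-15 MB (nginx:alpine). The heavy part stays home.
#
# Trust boundaries / review notes:
# - TLS ends at Traefik. Traefik -> nginx is plain HTTP (port 80) on the
#   dokploy-network overlay; nginx -> home rides the tailnet (WireGuard), so
#   that leg is encrypted in transit. HA sees a proxied request: its
#   http.trusted_proxies must list this proxy's tailnet address or HA will
#   refuse the forwarded headers -- confirm on the HA side, not here.
# - ./nginx.conf holds the home upstream address and is mounted read-only,
#   so a compromised nginx cannot rewrite where it forwards to.
# - ha_egress hands the container a default route through the host; nothing
#   in this file limits where that route leads. Pin it down at the host
#   firewall and/or Tailscale ACLs (only the HA port on the home box) so a
#   compromised proxy cannot pivot across the tailnet.
# - The image is pinned by tag only. Pin by digest for reproducible deploys
#   (nginx:1.27-alpine@sha256:<digest from the registry>) and bump on purpose.
# ============================================================================

# Traefik labels are needed twice: on the container (Traefik's docker
# provider) and on the service (swarm provider, which is how Dokploy deploys).
# One anchor keeps the two copies identical so a router edit can't silently
# apply to only one provider.
# NOTE(review): if Dokploy's Traefik is v3, its swarm provider reads
# traefik.swarm.network rather than traefik.docker.network -- verify and add
# the v3 label here if so.
x-traefik-labels: &traefik_labels
  - "traefik.enable=true"
  - "traefik.docker.network=dokploy-network"
  - "traefik.http.routers.ha.rule=Host(`ha.manohargupta.com`)"
  - "traefik.http.routers.ha.entrypoints=websecure"
  - "traefik.http.routers.ha.tls.certresolver=letsencrypt"
  - "traefik.http.services.ha.loadbalancer.server.port=80"

services:
  ha-proxy:
    image: nginx:1.27-alpine
    # Honoured by `docker compose up`; ignored by `docker stack deploy`, which
    # uses deploy.restart_policy below instead.
    restart: unless-stopped
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    networks:
      - dokploy-network  # ingress: Traefik routes ha.manohargupta.com here
      - ha_egress  # egress: container -> host -> tailscale0 -> home box
    # --- Container-level labels (docker provider) ---
    labels: *traefik_labels
    # --- Service-level labels (swarm provider) -- Dokploy deploys as swarm stack ---
    deploy:
      labels: *traefik_labels
      # Swarm equivalent of restart: unless-stopped (swarm has no "stopped"
      # state; "any" is its default and restarts the task on every exit).
      restart_policy:
        condition: any

networks:
  dokploy-network:
    external: true
  ha_egress:
    driver: bridge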