feat: app configs local domains (#713)

* feat(pairdrop): change config to support local domain

* feat(paperless-ngx): change config to support local domain

* feat(peppermint): change config to support local domain

* feat(photoprism): change config to support local domain

* feat(pihole): change config to support local domain

* feat(plausible): change config to support local domain

* feat(plex): change config to support local domain

* feat(podfetch): change config to support local domain

* feat(portainer): change config to support local domain

* feat(privatebin): change config to support local domain

* feat(prowlarr): change config to support local domain

* feat(proxitok): change config to support local domain

* feat(qbittorrent): change config to support local domain

* feat(radarr): change config to support local domain

* feat(readarr): change config to support local domain

* feat(resilio-sync): change config to support local domain

* feat(romm): change config to support local domain

* feat(rss): change config to support local domain

* feat(sabnzbd): change config to support local domain

* feat(searxng): change config to support local domain

* feat(send): change config to support local domain

* feat(simplex-smp): change config to support local domain

* feat(sonarr): change config to support local domain

* feat(syncthing): change config to support local domain

* feat(tasks-md): change config to support local domain

* feat(tautulli): change config to support local domain

* feat(teddit): change config to support local domain

* feat(transmission): change config to support local domain

* feat(tubearchivist): change config to support local domain

* feat(umami): change config to support local domain

* feat(uptime-kuma): change config to support local domain

* feat(vaultwarden): change config to support local domain

* feat(vikunja): change config to support local domain

* feat(wg-easy): change config to support local domain

* feat(wikijs): change config to support local domain

* feat(wizarr): change config to support local domain

* feat(your-spotify): change config to support local domain

* chore: labels formatting issues

apps/pairdrop/config.json

@@ -6,7 +6,7 @@
   "exposable": true,
   "force_expose": true,
   "id": "pairdrop",
-  "tipi_version": 7,
+  "tipi_version": 8,
   "version": "1.7.6",
   "categories": [
     "media",

apps/pairdrop/docker-compose.yml

@@ -15,9 +15,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.pairdrop-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.pairdrop.loadbalancer.server.port: 3000
+      # Web
+      traefik.http.routers.pairdrop-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.pairdrop-insecure.entrypoints: web
+      traefik.http.routers.pairdrop-insecure.service: pairdrop
+      traefik.http.routers.pairdrop-insecure.middlewares: pairdrop-web-redirect
+      # Websecure
       traefik.http.routers.pairdrop.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.pairdrop.entrypoints: websecure
       traefik.http.routers.pairdrop.service: pairdrop
       traefik.http.routers.pairdrop.tls.certresolver: myresolver
-      traefik.http.services.pairdrop.loadbalancer.server.port: 3000
+      # Local domain
+      traefik.http.routers.pairdrop-local-insecure.rule: Host(`pairdrop.${LOCAL_DOMAIN}`)
+      traefik.http.routers.pairdrop-local-insecure.entrypoints: web
+      traefik.http.routers.pairdrop-local-insecure.service: pairdrop
+      traefik.http.routers.pairdrop-local-insecure.middlewares: pairdrop-web-redirect
+      # Local domain secure
+      traefik.http.routers.pairdrop-local.rule: Host(`pairdrop.${LOCAL_DOMAIN}`)
+      traefik.http.routers.pairdrop-local.entrypoints: websecure
+      traefik.http.routers.pairdrop-local.service: pairdrop
+      traefik.http.routers.pairdrop-local.tls: true

apps/paperless-ngx/config.json

@@ -5,7 +5,7 @@
   "exposable": true,
   "port": 8012,
   "id": "paperless-ngx",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "7",
   "categories": [
     "utilities"

apps/paperless-ngx/docker-compose.yml

@@ -1,5 +1,57 @@
 version: '3.7'
 services:
+  paperless-ngx:
+    container_name: paperless-ngx
+    image: ghcr.io/paperless-ngx/paperless-ngx:1.15
+    restart: unless-stopped
+    depends_on:
+      - db
+      - broker
+    ports:
+      - ${APP_PORT}:8000
+    volumes:
+      - ${APP_DATA_DIR}/data/paperless_data:/usr/src/paperless/data
+      - ${APP_DATA_DIR}/data/paperless_media:/usr/src/paperless/media
+      - ${APP_DATA_DIR}/data/paperless_export:/usr/src/paperless/export
+      - ${APP_DATA_DIR}/data/paperless_consume:/usr/src/paperless/consume
+    environment:
+      PAPERLESS_REDIS: redis://broker:6379
+      PAPERLESS_DBHOST: db
+      PAPERLESS_ADMIN_USER: ${PAPERLESS_ADMIN_USERNAME}
+      PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD}
+      PAPERLESS_TIKA_ENABLED: ${PAPERLESS_TIKA_ENABLED}
+      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
+      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+      PAPERLESS_URL: ${APP_PROTOCOL:-http}://${APP_DOMAIN}
+      COMPOSE_PROJECT_NAME: paperless-ngx
+    networks:
+        - tipi_main_network
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.paperless-ngx-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.paperless-ngx.loadbalancer.server.port: 8000
+        # Web
+      traefik.http.routers.paperless-ngx-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.paperless-ngx-insecure.entrypoints: web
+      traefik.http.routers.paperless-ngx-insecure.service: paperless-ngx
+      traefik.http.routers.paperless-ngx-insecure.middlewares: paperless-ngx-web-redirect
+        # Websecure
+      traefik.http.routers.paperless-ngx.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.paperless-ngx.entrypoints: websecure
+      traefik.http.routers.paperless-ngx.service: paperless-ngx
+      traefik.http.routers.paperless-ngx.tls.certresolver: myresolver
+        # Local domain
+      traefik.http.routers.paperless-ngx-local-insecure.rule: Host(`paperless-ngx.${LOCAL_DOMAIN}`)
+      traefik.http.routers.paperless-ngx-local-insecure.entrypoints: web
+      traefik.http.routers.paperless-ngx-local-insecure.service: paperless-ngx
+      traefik.http.routers.paperless-ngx-local-insecure.middlewares: paperless-ngx-web-redirect
+        # Local domain secure
+      traefik.http.routers.paperless-ngx-local.rule: Host(`paperless-ngx.${LOCAL_DOMAIN}`)
+      traefik.http.routers.paperless-ngx-local.entrypoints: websecure
+      traefik.http.routers.paperless-ngx-local.service: paperless-ngx
+      traefik.http.routers.paperless-ngx-local.tls: true
+
   # Redis
   broker:
     image: docker.io/library/redis:7
@@ -40,36 +92,3 @@ services:
     networks:
     - tipi_main_network
       
-  paperless-ngx:
-    container_name: paperless-ngx
-    image: ghcr.io/paperless-ngx/paperless-ngx:1.15
-    restart: unless-stopped
-    depends_on:
-      - db
-      - broker
-    ports:
-      - ${APP_PORT}:8000
-    volumes:
-      - ${APP_DATA_DIR}/data/paperless_data:/usr/src/paperless/data
-      - ${APP_DATA_DIR}/data/paperless_media:/usr/src/paperless/media
-      - ${APP_DATA_DIR}/data/paperless_export:/usr/src/paperless/export
-      - ${APP_DATA_DIR}/data/paperless_consume:/usr/src/paperless/consume
-    environment:
-      PAPERLESS_REDIS: redis://broker:6379
-      PAPERLESS_DBHOST: db
-      PAPERLESS_ADMIN_USER: ${PAPERLESS_ADMIN_USERNAME}
-      PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD}
-      PAPERLESS_TIKA_ENABLED: ${PAPERLESS_TIKA_ENABLED}
-      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
-      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
-      PAPERLESS_URL: ${APP_PROTOCOL:-http}://${APP_DOMAIN}
-      COMPOSE_PROJECT_NAME: paperless-ngx
-    networks:
-      - tipi_main_network
-    labels:
-      traefik.enable: ${APP_EXPOSED}
-      traefik.http.routers.paperless-ngx.rule: Host(`${APP_DOMAIN}`)
-      traefik.http.routers.paperless-ngx.entrypoints: websecure
-      traefik.http.routers.paperless-ngx.service: paperless-ngx
-      traefik.http.routers.paperless-ngx.tls.certresolver: myresolver
-      traefik.http.services.paperless-ngx.loadbalancer.server.port: 8000

apps/peppermint/config.json

@@ -5,9 +5,11 @@
   "available": true,
   "exposable": true,
   "id": "peppermint",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "latest",
-  "categories": ["utilities"],
+  "categories": [
+    "utilities"
+  ],
   "description": "An open source ticket management & help desk solution.",
   "short_desc": "An open source ticket management & help desk solution.",
   "author": "Peppermint-Lab",
@@ -20,4 +22,4 @@
       "env_variable": "PEPPERMINT_DB_PASSWORD"
     }
   ]
-}
+}

apps/peppermint/docker-compose.yml

@@ -18,12 +18,30 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.peppermint-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.peppermint.loadbalancer.server.port: 5000
+      # Web
+      traefik.http.routers.peppermint-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.peppermint-insecure.entrypoints: web
+      traefik.http.routers.peppermint-insecure.service: peppermint
+      traefik.http.routers.peppermint-insecure.middlewares: peppermint-web-redirect
+      # Websecure
       traefik.http.routers.peppermint.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.peppermint.entrypoints: websecure
       traefik.http.routers.peppermint.service: peppermint
       traefik.http.routers.peppermint.tls.certresolver: myresolver
-      traefik.http.services.peppermint.loadbalancer.server.port: 5000
+      # Local domain
+      traefik.http.routers.peppermint-local-insecure.rule: Host(`peppermint.${LOCAL_DOMAIN}`)
+      traefik.http.routers.peppermint-local-insecure.entrypoints: web
+      traefik.http.routers.peppermint-local-insecure.service: peppermint
+      traefik.http.routers.peppermint-local-insecure.middlewares: peppermint-web-redirect
+      # Local domain secure
+      traefik.http.routers.peppermint-local.rule: Host(`peppermint.${LOCAL_DOMAIN}`)
+      traefik.http.routers.peppermint-local.entrypoints: websecure
+      traefik.http.routers.peppermint-local.service: peppermint
+      traefik.http.routers.peppermint-local.tls: true
 
   peppermint-db:
     container_name: peppermint-db

apps/photoprism/config.json

@@ -5,9 +5,11 @@
   "available": true,
   "exposable": true,
   "id": "photoprism",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "latest",
-  "categories": ["photography"],
+  "categories": [
+    "photography"
+  ],
   "description": "PhotoPrism® is an AI-Powered Photos App for the Decentralized Web. It makes use of the latest technologies to tag and find pictures automatically without getting in your way. You can run it at home, on a private server, or in the cloud. Default username: admin",
   "short_desc": "AI-Powered Photos App for the Decentralized Web. We are on a mission to protect your freedom and privacy.",
   "author": "PhotoPrism",

apps/photoprism/docker-compose.arm.yml

@@ -41,12 +41,30 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.photoprism-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.photoprism.loadbalancer.server.port: 2342
+      # Web
+      traefik.http.routers.photoprism-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.photoprism-insecure.entrypoints: web
+      traefik.http.routers.photoprism-insecure.service: photoprism
+      traefik.http.routers.photoprism-insecure.middlewares: photoprism-web-redirect
+      # Websecure
       traefik.http.routers.photoprism.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.photoprism.entrypoints: websecure
       traefik.http.routers.photoprism.service: photoprism
       traefik.http.routers.photoprism.tls.certresolver: myresolver
-      traefik.http.services.photoprism.loadbalancer.server.port: 2342
+      # Local domain
+      traefik.http.routers.photoprism-local-insecure.rule: Host(`photoprism.${LOCAL_DOMAIN}`)
+      traefik.http.routers.photoprism-local-insecure.entrypoints: web
+      traefik.http.routers.photoprism-local-insecure.service: photoprism
+      traefik.http.routers.photoprism-local-insecure.middlewares: photoprism-web-redirect
+      # Local domain secure
+      traefik.http.routers.photoprism-local.rule: Host(`photoprism.${LOCAL_DOMAIN}`)
+      traefik.http.routers.photoprism-local.entrypoints: websecure
+      traefik.http.routers.photoprism-local.service: photoprism
+      traefik.http.routers.photoprism-local.tls: true
 
   photoprism-db:
     restart: unless-stopped

apps/photoprism/docker-compose.arm64.yml

@@ -41,12 +41,30 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.photoprism-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.photoprism.loadbalancer.server.port: 2342
+      # Web
+      traefik.http.routers.photoprism-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.photoprism-insecure.entrypoints: web
+      traefik.http.routers.photoprism-insecure.service: photoprism
+      traefik.http.routers.photoprism-insecure.middlewares: photoprism-web-redirect
+      # Websecure
       traefik.http.routers.photoprism.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.photoprism.entrypoints: websecure
       traefik.http.routers.photoprism.service: photoprism
       traefik.http.routers.photoprism.tls.certresolver: myresolver
-      traefik.http.services.photoprism.loadbalancer.server.port: 2342
+      # Local domain
+      traefik.http.routers.photoprism-local-insecure.rule: Host(`photoprism.${LOCAL_DOMAIN}`)
+      traefik.http.routers.photoprism-local-insecure.entrypoints: web
+      traefik.http.routers.photoprism-local-insecure.service: photoprism
+      traefik.http.routers.photoprism-local-insecure.middlewares: photoprism-web-redirect
+      # Local domain secure
+      traefik.http.routers.photoprism-local.rule: Host(`photoprism.${LOCAL_DOMAIN}`)
+      traefik.http.routers.photoprism-local.entrypoints: websecure
+      traefik.http.routers.photoprism-local.service: photoprism
+      traefik.http.routers.photoprism-local.tls: true
 
   photoprism-db:
     restart: unless-stopped

apps/photoprism/docker-compose.yml

@@ -42,12 +42,30 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.photoprism-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.photoprism.loadbalancer.server.port: 2342
+      # Web
+      traefik.http.routers.photoprism-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.photoprism-insecure.entrypoints: web
+      traefik.http.routers.photoprism-insecure.service: photoprism
+      traefik.http.routers.photoprism-insecure.middlewares: photoprism-web-redirect
+      # Websecure
       traefik.http.routers.photoprism.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.photoprism.entrypoints: websecure
       traefik.http.routers.photoprism.service: photoprism
       traefik.http.routers.photoprism.tls.certresolver: myresolver
-      traefik.http.services.photoprism.loadbalancer.server.port: 2342
+      # Local domain
+      traefik.http.routers.photoprism-local-insecure.rule: Host(`photoprism.${LOCAL_DOMAIN}`)
+      traefik.http.routers.photoprism-local-insecure.entrypoints: web
+      traefik.http.routers.photoprism-local-insecure.service: photoprism
+      traefik.http.routers.photoprism-local-insecure.middlewares: photoprism-web-redirect
+      # Local domain secure
+      traefik.http.routers.photoprism-local.rule: Host(`photoprism.${LOCAL_DOMAIN}`)
+      traefik.http.routers.photoprism-local.entrypoints: websecure
+      traefik.http.routers.photoprism-local.service: photoprism
+      traefik.http.routers.photoprism-local.tls: true
 
   photoprism-db:
     restart: unless-stopped

apps/pihole/config.json

@@ -10,7 +10,7 @@
     ]
   },
   "id": "pihole",
-  "tipi_version": 7,
+  "tipi_version": 8,
   "version": "2023.05.2",
   "url_suffix": "/admin",
   "categories": [

apps/pihole/docker-compose.yml

@@ -25,9 +25,27 @@ services:
       tipi_main_network:
         ipv4_address: 10.21.21.201
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.pihole-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.pihole.loadbalancer.server.port: 80
+      # Web
+      traefik.http.routers.pihole-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.pihole-insecure.entrypoints: web
+      traefik.http.routers.pihole-insecure.service: pihole
+      traefik.http.routers.pihole-insecure.middlewares: pihole-web-redirect
+      # Websecure
       traefik.http.routers.pihole.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.pihole.entrypoints: websecure
       traefik.http.routers.pihole.service: pihole
       traefik.http.routers.pihole.tls.certresolver: myresolver
-      traefik.http.services.pihole.loadbalancer.server.port: 80
+      # Local domain
+      traefik.http.routers.pihole-local-insecure.rule: Host(`pihole.${LOCAL_DOMAIN}`)
+      traefik.http.routers.pihole-local-insecure.entrypoints: web
+      traefik.http.routers.pihole-local-insecure.service: pihole
+      traefik.http.routers.pihole-local-insecure.middlewares: pihole-web-redirect
+      # Local domain secure
+      traefik.http.routers.pihole-local.rule: Host(`pihole.${LOCAL_DOMAIN}`)
+      traefik.http.routers.pihole-local.entrypoints: websecure
+      traefik.http.routers.pihole-local.service: pihole
+      traefik.http.routers.pihole-local.tls: true

apps/plausible/config.json

@@ -5,9 +5,11 @@
   "available": true,
   "exposable": true,
   "id": "plausible",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "v1.5.1",
-  "categories": ["utilities"],
+  "categories": [
+    "utilities"
+  ],
   "description": "Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.",
   "short_desc": "Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.",
   "author": "Plausible",

apps/plausible/docker-compose.yml

@@ -1,5 +1,49 @@
 version: "3.7"
 services:
+  plausible:
+    container_name: plausible
+    image: plausible/analytics:v1.5.1
+    restart: always
+    command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run"
+    depends_on:
+      - plausible-db
+      - plausible-events-db
+    ports:
+      - ${APP_PORT}:8000 
+    environment:
+      - BASE_URL=${APP_PROTOCOL:-http}://${APP_DOMAIN} 
+      - SECRET_KEY_BASE=${PLAUSIBLE_SECRET_KEY_BASE} 
+      - DATABASE_URL=postgres://tipi:${PLAUSIBLE_DB_PASSWORD}@plausible-db:5432/plausible-db
+      - CLICKHOUSE_DATABASE_URL=http://plausible-events-db:8123/plausible_events_db
+      - DISABLE_REGISTRATION=${PLAUSIBLE_DISABLE_REGISTRATION}
+    networks:
+      - tipi_main_network
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.plausible-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.plausible.loadbalancer.server.port: 8000
+      # Web
+      traefik.http.routers.plausible-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.plausible-insecure.entrypoints: web
+      traefik.http.routers.plausible-insecure.service: plausible
+      traefik.http.routers.plausible-insecure.middlewares: plausible-web-redirect
+      # Websecure
+      traefik.http.routers.plausible.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.plausible.entrypoints: websecure
+      traefik.http.routers.plausible.service: plausible
+      traefik.http.routers.plausible.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.plausible-local-insecure.rule: Host(`plausible.${LOCAL_DOMAIN}`)
+      traefik.http.routers.plausible-local-insecure.entrypoints: web
+      traefik.http.routers.plausible-local-insecure.service: plausible
+      traefik.http.routers.plausible-local-insecure.middlewares: plausible-web-redirect
+      # Local domain secure
+      traefik.http.routers.plausible-local.rule: Host(`plausible.${LOCAL_DOMAIN}`)
+      traefik.http.routers.plausible-local.entrypoints: websecure
+      traefik.http.routers.plausible-local.service: plausible
+      traefik.http.routers.plausible-local.tls: true
+
   plausible-db:
     # supported versions are 12, 13, and 14
     image: postgres:14-alpine
@@ -29,28 +73,3 @@ services:
         soft: 262144
         hard: 262144
 
-  plausible:
-    container_name: plausible
-    image: plausible/analytics:v1.5.1
-    restart: always
-    command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run"
-    depends_on:
-      - plausible-db
-      - plausible-events-db
-    ports:
-      - ${APP_PORT}:8000 
-    environment:
-      - BASE_URL=${APP_PROTOCOL:-http}://${APP_DOMAIN} 
-      - SECRET_KEY_BASE=${PLAUSIBLE_SECRET_KEY_BASE} 
-      - DATABASE_URL=postgres://tipi:${PLAUSIBLE_DB_PASSWORD}@plausible-db:5432/plausible-db
-      - CLICKHOUSE_DATABASE_URL=http://plausible-events-db:8123/plausible_events_db
-      - DISABLE_REGISTRATION=${PLAUSIBLE_DISABLE_REGISTRATION}
-    networks:
-      - tipi_main_network
-    labels:
-      traefik.enable: ${APP_EXPOSED}
-      traefik.http.routers.plausible.rule: Host(`${APP_DOMAIN}`)
-      traefik.http.routers.plausible.entrypoints: websecure
-      traefik.http.routers.plausible.service: plausible
-      traefik.http.routers.plausible.tls.certresolver: myresolver
-      traefik.http.services.plausible.loadbalancer.server.port: 8000

apps/plex/config.json

@@ -5,7 +5,7 @@
   "exposable": true,
   "port": 32400,
   "id": "plex",
-  "tipi_version": 17,
+  "tipi_version": 18,
   "version": "1.32.3",
   "url_suffix": "/web",
   "categories": [

apps/plex/docker-compose.yml

@@ -16,9 +16,27 @@ services:
       - ${ROOT_FOLDER_HOST}/media/data:/media
     restart: unless-stopped
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.plex-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.plex.loadbalancer.server.port: 32400
+      # Web
+      traefik.http.routers.plex-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.plex-insecure.entrypoints: web
+      traefik.http.routers.plex-insecure.service: plex
+      traefik.http.routers.plex-insecure.middlewares: plex-web-redirect
+      # Websecure
       traefik.http.routers.plex.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.plex.entrypoints: websecure
       traefik.http.routers.plex.service: plex
       traefik.http.routers.plex.tls.certresolver: myresolver
-      traefik.http.services.plex.loadbalancer.server.port: 32400
+      # Local domain
+      traefik.http.routers.plex-local-insecure.rule: Host(`plex.${LOCAL_DOMAIN}`)
+      traefik.http.routers.plex-local-insecure.entrypoints: web
+      traefik.http.routers.plex-local-insecure.service: plex
+      traefik.http.routers.plex-local-insecure.middlewares: plex-web-redirect
+      # Local domain secure
+      traefik.http.routers.plex-local.rule: Host(`plex.${LOCAL_DOMAIN}`)
+      traefik.http.routers.plex-local.entrypoints: websecure
+      traefik.http.routers.plex-local.service: plex
+      traefik.http.routers.plex-local.tls: true

apps/podfetch/config.json

@@ -5,9 +5,11 @@
   "available": true,
   "exposable": true,
   "id": "podfetch",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "latest",
-  "categories": ["media"],
+  "categories": [
+    "media"
+  ],
   "description": "A sleek and efficient podcast downloader.",
   "short_desc": "A sleek and efficient podcast downloader.",
   "author": "SamTV12345",
@@ -46,4 +48,4 @@
       "env_variable": "PODFETCH_PODINDEX_API_SECRET"
     }
   ]
-}
+}

apps/podfetch/docker-compose.yml

@@ -21,10 +21,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.podfetch-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.podfetch.loadbalancer.server.port: 8000
+      # Web
+      traefik.http.routers.podfetch-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.podfetch-insecure.entrypoints: web
+      traefik.http.routers.podfetch-insecure.service: podfetch
+      traefik.http.routers.podfetch-insecure.middlewares: podfetch-web-redirect
+      # Websecure
       traefik.http.routers.podfetch.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.podfetch.entrypoints: websecure
       traefik.http.routers.podfetch.service: podfetch
       traefik.http.routers.podfetch.tls.certresolver: myresolver
-      traefik.http.services.podfetch.loadbalancer.server.port: 8000
-
+      # Local domain
+      traefik.http.routers.podfetch-local-insecure.rule: Host(`podfetch.${LOCAL_DOMAIN}`)
+      traefik.http.routers.podfetch-local-insecure.entrypoints: web
+      traefik.http.routers.podfetch-local-insecure.service: podfetch
+      traefik.http.routers.podfetch-local-insecure.middlewares: podfetch-web-redirect
+      # Local domain secure
+      traefik.http.routers.podfetch-local.rule: Host(`podfetch.${LOCAL_DOMAIN}`)
+      traefik.http.routers.podfetch-local.entrypoints: websecure
+      traefik.http.routers.podfetch-local.service: podfetch
+      traefik.http.routers.podfetch-local.tls: true

apps/portainer/config.json

@@ -6,7 +6,7 @@
   "exposable": true,
   "https": true,
   "id": "portainer",
-  "tipi_version": 10,
+  "tipi_version": 11,
   "version": "2.18.3-alpine",
   "categories": [
     "utilities"

apps/portainer/docker-compose.yml

@@ -14,9 +14,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.portainer-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.portainer.loadbalancer.server.port: 9000
+      # Web
+      traefik.http.routers.portainer-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.portainer-insecure.entrypoints: web
+      traefik.http.routers.portainer-insecure.service: portainer
+      traefik.http.routers.portainer-insecure.middlewares: portainer-web-redirect
+      # Websecure
       traefik.http.routers.portainer.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.portainer.entrypoints: websecure
       traefik.http.routers.portainer.service: portainer
       traefik.http.routers.portainer.tls.certresolver: myresolver
-      traefik.http.services.portainer.loadbalancer.server.port: 9000
+      # Local domain
+      traefik.http.routers.portainer-local-insecure.rule: Host(`portainer.${LOCAL_DOMAIN}`)
+      traefik.http.routers.portainer-local-insecure.entrypoints: web
+      traefik.http.routers.portainer-local-insecure.service: portainer
+      traefik.http.routers.portainer-local-insecure.middlewares: portainer-web-redirect
+      # Local domain secure
+      traefik.http.routers.portainer-local.rule: Host(`portainer.${LOCAL_DOMAIN}`)
+      traefik.http.routers.portainer-local.entrypoints: websecure
+      traefik.http.routers.portainer-local.service: portainer
+      traefik.http.routers.portainer-local.tls: true

apps/privatebin/config.json

@@ -5,7 +5,7 @@
   "exposable": true,
   "port": 8122,
   "id": "privatebin",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "1.5.1",
   "categories": [
     "utilities"

apps/privatebin/docker-compose.yml

@@ -13,9 +13,27 @@ services:
     volumes:
       - ${APP_DATA_DIR}/data:/srv/data
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.privatebin-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.privatebin.loadbalancer.server.port: 8080
+      # Web
+      traefik.http.routers.privatebin-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.privatebin-insecure.entrypoints: web
+      traefik.http.routers.privatebin-insecure.service: privatebin
+      traefik.http.routers.privatebin-insecure.middlewares: privatebin-web-redirect
+      # Websecure
       traefik.http.routers.privatebin.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.privatebin.entrypoints: websecure
       traefik.http.routers.privatebin.service: privatebin
       traefik.http.routers.privatebin.tls.certresolver: myresolver
-      traefik.http.services.privatebin.loadbalancer.server.port: 8080
+      # Local domain
+      traefik.http.routers.privatebin-local-insecure.rule: Host(`privatebin.${LOCAL_DOMAIN}`)
+      traefik.http.routers.privatebin-local-insecure.entrypoints: web
+      traefik.http.routers.privatebin-local-insecure.service: privatebin
+      traefik.http.routers.privatebin-local-insecure.middlewares: privatebin-web-redirect
+      # Local domain secure
+      traefik.http.routers.privatebin-local.rule: Host(`privatebin.${LOCAL_DOMAIN}`)
+      traefik.http.routers.privatebin-local.entrypoints: websecure
+      traefik.http.routers.privatebin-local.service: privatebin
+      traefik.http.routers.privatebin-local.tls: true

apps/prowlarr/config.json

@@ -5,9 +5,12 @@
   "exposable": true,
   "port": 8109,
   "id": "prowlarr",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "develop",
-  "categories": ["media", "utilities"],
+  "categories": [
+    "media",
+    "utilities"
+  ],
   "description": "Prowlarr is an indexer manager/proxy built on the popular *arr .net/reactjs base stack to integrate with your various PVR apps. Prowlarr supports management of both Torrent Trackers and Usenet Indexers. It integrates seamlessly with Lidarr, Mylar3, Radarr, Readarr, and Sonarr offering complete management of your indexers with no per app Indexer setup required (we do it all).",
   "short_desc": "A torrent/usenet indexer manager/proxy",
   "author": "Prowlarr",

apps/prowlarr/docker-compose.yml

@@ -15,9 +15,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.prowlarr-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.prowlarr.loadbalancer.server.port: 9696
+      # Web
+      traefik.http.routers.prowlarr-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.prowlarr-insecure.entrypoints: web
+      traefik.http.routers.prowlarr-insecure.service: prowlarr
+      traefik.http.routers.prowlarr-insecure.middlewares: prowlarr-web-redirect
+      # Websecure
       traefik.http.routers.prowlarr.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.prowlarr.entrypoints: websecure
       traefik.http.routers.prowlarr.service: prowlarr
       traefik.http.routers.prowlarr.tls.certresolver: myresolver
-      traefik.http.services.prowlarr.loadbalancer.server.port: 9696
+      # Local domain
+      traefik.http.routers.prowlarr-local-insecure.rule: Host(`prowlarr.${LOCAL_DOMAIN}`)
+      traefik.http.routers.prowlarr-local-insecure.entrypoints: web
+      traefik.http.routers.prowlarr-local-insecure.service: prowlarr
+      traefik.http.routers.prowlarr-local-insecure.middlewares: prowlarr-web-redirect
+      # Local domain secure
+      traefik.http.routers.prowlarr-local.rule: Host(`prowlarr.${LOCAL_DOMAIN}`)
+      traefik.http.routers.prowlarr-local.entrypoints: websecure
+      traefik.http.routers.prowlarr-local.service: prowlarr
+      traefik.http.routers.prowlarr-local.tls: true

apps/proxitok/config.json

@@ -5,9 +5,11 @@
   "exposable": true,
   "port": 8118,
   "id": "proxitok",
-  "categories": ["social"],
+  "categories": [
+    "social"
+  ],
   "description": "",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "1.0.0",
   "short_desc": "Open source alternative frontend for TikTok made using PHP ",
   "author": "pablouser1",

apps/proxitok/docker-compose.yml

@@ -21,12 +21,30 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.proxitok-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.proxitok.loadbalancer.server.port: 80
+      # Web
+      traefik.http.routers.proxitok-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.proxitok-insecure.entrypoints: web
+      traefik.http.routers.proxitok-insecure.service: proxitok
+      traefik.http.routers.proxitok-insecure.middlewares: proxitok-web-redirect
+      # Websecure
       traefik.http.routers.proxitok.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.proxitok.entrypoints: websecure
       traefik.http.routers.proxitok.service: proxitok
       traefik.http.routers.proxitok.tls.certresolver: myresolver
-      traefik.http.services.proxitok.loadbalancer.server.port: 80
+      # Local domain
+      traefik.http.routers.proxitok-local-insecure.rule: Host(`proxitok.${LOCAL_DOMAIN}`)
+      traefik.http.routers.proxitok-local-insecure.entrypoints: web
+      traefik.http.routers.proxitok-local-insecure.service: proxitok
+      traefik.http.routers.proxitok-local-insecure.middlewares: proxitok-web-redirect
+      # Local domain secure
+      traefik.http.routers.proxitok-local.rule: Host(`proxitok.${LOCAL_DOMAIN}`)
+      traefik.http.routers.proxitok-local.entrypoints: websecure
+      traefik.http.routers.proxitok-local.service: proxitok
+      traefik.http.routers.proxitok-local.tls: true
 
   proxitok-redis:
     container_name: proxitok-redis
@@ -44,4 +62,4 @@ services:
 
 
 volumes:
-  proxitok-cache:
+  proxitok-cache:

apps/qbittorrent/config.json

@@ -5,7 +5,7 @@
   "exposable": true,
   "port": 8133,
   "id": "qbittorrent",
-  "tipi_version": 5,
+  "tipi_version": 6,
   "version": "4.5.3",
   "categories": [
     "utilities"

apps/qbittorrent/docker-compose.yml

@@ -21,10 +21,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.qbittorrent-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.qbittorrent.loadbalancer.server.port: ${APP_PORT}
+      # Web
+      traefik.http.routers.qbittorrent-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.qbittorrent-insecure.entrypoints: web
+      traefik.http.routers.qbittorrent-insecure.service: qbittorrent
+      traefik.http.routers.qbittorrent-insecure.middlewares: qbittorrent-web-redirect
+      # Websecure
       traefik.http.routers.qbittorrent.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.qbittorrent.entrypoints: websecure
       traefik.http.routers.qbittorrent.service: qbittorrent
       traefik.http.routers.qbittorrent.tls.certresolver: myresolver
-      traefik.http.services.qbittorrent.loadbalancer.server.port: ${APP_PORT}
-
+      # Local domain
+      traefik.http.routers.qbittorrent-local-insecure.rule: Host(`qbittorrent.${LOCAL_DOMAIN}`)
+      traefik.http.routers.qbittorrent-local-insecure.entrypoints: web
+      traefik.http.routers.qbittorrent-local-insecure.service: qbittorrent
+      traefik.http.routers.qbittorrent-local-insecure.middlewares: qbittorrent-web-redirect
+      # Local domain secure
+      traefik.http.routers.qbittorrent-local.rule: Host(`qbittorrent.${LOCAL_DOMAIN}`)
+      traefik.http.routers.qbittorrent-local.entrypoints: websecure
+      traefik.http.routers.qbittorrent-local.service: qbittorrent
+      traefik.http.routers.qbittorrent-local.tls: true

apps/radarr/config.json

@@ -5,7 +5,7 @@
   "exposable": true,
   "port": 8088,
   "id": "radarr",
-  "tipi_version": 6,
+  "tipi_version": 7,
   "version": "4.5.2",
   "categories": [
     "media",

apps/radarr/docker-compose.yml

@@ -19,9 +19,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.radarr-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.radarr.loadbalancer.server.port: 7878
+      # Web
+      traefik.http.routers.radarr-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.radarr-insecure.entrypoints: web
+      traefik.http.routers.radarr-insecure.service: radarr
+      traefik.http.routers.radarr-insecure.middlewares: radarr-web-redirect
+      # Websecure
       traefik.http.routers.radarr.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.radarr.entrypoints: websecure
       traefik.http.routers.radarr.service: radarr
       traefik.http.routers.radarr.tls.certresolver: myresolver
-      traefik.http.services.radarr.loadbalancer.server.port: 7878
+      # Local domain
+      traefik.http.routers.radarr-local-insecure.rule: Host(`radarr.${LOCAL_DOMAIN}`)
+      traefik.http.routers.radarr-local-insecure.entrypoints: web
+      traefik.http.routers.radarr-local-insecure.service: radarr
+      traefik.http.routers.radarr-local-insecure.middlewares: radarr-web-redirect
+      # Local domain secure
+      traefik.http.routers.radarr-local.rule: Host(`radarr.${LOCAL_DOMAIN}`)
+      traefik.http.routers.radarr-local.entrypoints: websecure
+      traefik.http.routers.radarr-local.service: radarr
+      traefik.http.routers.radarr-local.tls: true

apps/readarr/config.json

@@ -5,9 +5,12 @@
   "exposable": true,
   "port": 8112,
   "id": "readarr",
-  "tipi_version": 3,
+  "tipi_version": 4,
   "version": "develop",
-  "categories": ["books", "media"],
+  "categories": [
+    "books",
+    "media"
+  ],
   "description": "",
   "short_desc": "Book Manager and Automation (Sonarr for Ebooks)",
   "author": "readarr.com",

apps/readarr/docker-compose.yml

@@ -19,9 +19,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.readarr-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.readarr.loadbalancer.server.port: 8787
+      # Web
+      traefik.http.routers.readarr-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.readarr-insecure.entrypoints: web
+      traefik.http.routers.readarr-insecure.service: readarr
+      traefik.http.routers.readarr-insecure.middlewares: readarr-web-redirect
+      # Websecure
       traefik.http.routers.readarr.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.readarr.entrypoints: websecure
       traefik.http.routers.readarr.service: readarr
       traefik.http.routers.readarr.tls.certresolver: myresolver
-      traefik.http.services.readarr.loadbalancer.server.port: 8787
+      # Local domain
+      traefik.http.routers.readarr-local-insecure.rule: Host(`readarr.${LOCAL_DOMAIN}`)
+      traefik.http.routers.readarr-local-insecure.entrypoints: web
+      traefik.http.routers.readarr-local-insecure.service: readarr
+      traefik.http.routers.readarr-local-insecure.middlewares: readarr-web-redirect
+      # Local domain secure
+      traefik.http.routers.readarr-local.rule: Host(`readarr.${LOCAL_DOMAIN}`)
+      traefik.http.routers.readarr-local.entrypoints: websecure
+      traefik.http.routers.readarr-local.service: readarr
+      traefik.http.routers.readarr-local.tls: true

apps/resilio-sync/config.json

@@ -4,9 +4,12 @@
   "port": 8113,
   "available": true,
   "id": "resilio-sync",
-  "tipi_version": 1,
+  "tipi_version": 2,
   "version": "2.7.3",
-  "categories": ["data", "utilities"],
+  "categories": [
+    "data",
+    "utilities"
+  ],
   "description": "",
   "short_desc": "Resilio Sync is a fast, reliable, and simple file sync and share solution, powered by P2P technology",
   "author": "Resilio, Inc.",

apps/resilio-sync/docker-compose.yml

@@ -17,9 +17,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.resilio-sync-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.resilio-sync.loadbalancer.server.port: 8888
+      # Web
+      traefik.http.routers.resilio-sync-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.resilio-sync-insecure.entrypoints: web
+      traefik.http.routers.resilio-sync-insecure.service: resilio-sync
+      traefik.http.routers.resilio-sync-insecure.middlewares: resilio-sync-web-redirect
+      # Websecure
       traefik.http.routers.resilio-sync.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.resilio-sync.entrypoints: websecure
       traefik.http.routers.resilio-sync.service: resilio-sync
       traefik.http.routers.resilio-sync.tls.certresolver: myresolver
-      traefik.http.services.resilio-sync.loadbalancer.server.port: 8888
+      # Local domain
+      traefik.http.routers.resilio-sync-local-insecure.rule: Host(`resilio-sync.${LOCAL_DOMAIN}`)
+      traefik.http.routers.resilio-sync-local-insecure.entrypoints: web
+      traefik.http.routers.resilio-sync-local-insecure.service: resilio-sync
+      traefik.http.routers.resilio-sync-local-insecure.middlewares: resilio-sync-web-redirect
+      # Local domain secure
+      traefik.http.routers.resilio-sync-local.rule: Host(`resilio-sync.${LOCAL_DOMAIN}`)
+      traefik.http.routers.resilio-sync-local.entrypoints: websecure
+      traefik.http.routers.resilio-sync-local.service: resilio-sync
+      traefik.http.routers.resilio-sync-local.tls: true

apps/romm/config.json

@@ -5,7 +5,7 @@
   "available": true,
   "exposable": true,
   "id": "romm",
-  "tipi_version": 7,
+  "tipi_version": 8,
   "version": "1.8.4",
   "categories": [
     "gaming"

apps/romm/docker-compose.yml

@@ -26,12 +26,30 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.romm-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.romm.loadbalancer.server.port: 80
+      # Web
+      traefik.http.routers.romm-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.romm-insecure.entrypoints: web
+      traefik.http.routers.romm-insecure.service: romm
+      traefik.http.routers.romm-insecure.middlewares: romm-web-redirect
+      # Websecure
       traefik.http.routers.romm.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.romm.entrypoints: websecure
       traefik.http.routers.romm.service: romm
       traefik.http.routers.romm.tls.certresolver: myresolver
-      traefik.http.services.romm.loadbalancer.server.port: 80
+      # Local domain
+      traefik.http.routers.romm-local-insecure.rule: Host(`romm.${LOCAL_DOMAIN}`)
+      traefik.http.routers.romm-local-insecure.entrypoints: web
+      traefik.http.routers.romm-local-insecure.service: romm
+      traefik.http.routers.romm-local-insecure.middlewares: romm-web-redirect
+      # Local domain secure
+      traefik.http.routers.romm-local.rule: Host(`romm.${LOCAL_DOMAIN}`)
+      traefik.http.routers.romm-local.entrypoints: websecure
+      traefik.http.routers.romm-local.service: romm
+      traefik.http.routers.romm-local.tls: true
 
   romm-db:
     image: lscr.io/linuxserver/mariadb:latest
@@ -45,4 +63,4 @@ services:
       - ${APP_DATA_DIR}/data/mysql/config:/config
     restart: "unless-stopped"
     networks:
-      - tipi_main_network
+      - tipi_main_network

apps/rss/config.json

@@ -5,7 +5,7 @@
   "available": true,
   "exposable": true,
   "id": "rss",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "1.3.0",
   "categories": [
     "utilities",

apps/rss/docker-compose.yml

@@ -13,12 +13,30 @@ services:
     ports:
       - '${APP_PORT}:80'
     restart: unless-stopped
+    networks:
+      - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.rss-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.rss.loadbalancer.server.port: 80
+      # Web
+      traefik.http.routers.rss-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.rss-insecure.entrypoints: web
+      traefik.http.routers.rss-insecure.service: rss
+      traefik.http.routers.rss-insecure.middlewares: rss-web-redirect
+      # Websecure
       traefik.http.routers.rss.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.rss.entrypoints: websecure
       traefik.http.routers.rss.service: rss
       traefik.http.routers.rss.tls.certresolver: myresolver
-      traefik.http.services.rss.loadbalancer.server.port: 80
-    networks:
-      - tipi_main_network
+      # Local domain
+      traefik.http.routers.rss-local-insecure.rule: Host(`rss.${LOCAL_DOMAIN}`)
+      traefik.http.routers.rss-local-insecure.entrypoints: web
+      traefik.http.routers.rss-local-insecure.service: rss
+      traefik.http.routers.rss-local-insecure.middlewares: rss-web-redirect
+      # Local domain secure
+      traefik.http.routers.rss-local.rule: Host(`rss.${LOCAL_DOMAIN}`)
+      traefik.http.routers.rss-local.entrypoints: websecure
+      traefik.http.routers.rss-local.service: rss
+      traefik.http.routers.rss-local.tls: true

apps/sabnzbd/config.json

@@ -5,7 +5,7 @@
   "available": true,
   "exposable": true,
   "id": "sabnzbd",
-  "tipi_version": 5,
+  "tipi_version": 6,
   "version": "4.0.2",
   "categories": [
     "media",

apps/sabnzbd/docker-compose.yml

@@ -17,9 +17,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.sabnzbd-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.sabnzbd.loadbalancer.server.port: 8080
+      # Web
+      traefik.http.routers.sabnzbd-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.sabnzbd-insecure.entrypoints: web
+      traefik.http.routers.sabnzbd-insecure.service: sabnzbd
+      traefik.http.routers.sabnzbd-insecure.middlewares: sabnzbd-web-redirect
+      # Websecure
       traefik.http.routers.sabnzbd.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.sabnzbd.entrypoints: websecure
       traefik.http.routers.sabnzbd.service: sabnzbd
       traefik.http.routers.sabnzbd.tls.certresolver: myresolver
-      traefik.http.services.sabnzbd.loadbalancer.server.port: 8080
+      # Local domain
+      traefik.http.routers.sabnzbd-local-insecure.rule: Host(`sabnzbd.${LOCAL_DOMAIN}`)
+      traefik.http.routers.sabnzbd-local-insecure.entrypoints: web
+      traefik.http.routers.sabnzbd-local-insecure.service: sabnzbd
+      traefik.http.routers.sabnzbd-local-insecure.middlewares: sabnzbd-web-redirect
+      # Local domain secure
+      traefik.http.routers.sabnzbd-local.rule: Host(`sabnzbd.${LOCAL_DOMAIN}`)
+      traefik.http.routers.sabnzbd-local.entrypoints: websecure
+      traefik.http.routers.sabnzbd-local.service: sabnzbd
+      traefik.http.routers.sabnzbd-local.tls: true

apps/searxng/config.json

@@ -5,9 +5,11 @@
   "exposable": true,
   "port": 8127,
   "id": "searxng",
-  "tipi_version": 3,
+  "tipi_version": 4,
   "version": "2022.11.11-3a765113",
-  "categories": ["social"],
+  "categories": [
+    "social"
+  ],
   "description": "SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled.",
   "short_desc": "Privacy-respecting, hackable metasearch engine",
   "author": "searxng",

apps/searxng/docker-compose.yml

@@ -16,9 +16,27 @@ services:
       - BASE_URL=${APP_PROTOCOL:-http}://${APP_DOMAIN}/
       - SECRET_KEY=${SEARXNG_SECRET_KEY}
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.searxng-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.searxng.loadbalancer.server.port: 8080
+      # Web
+      traefik.http.routers.searxng-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.searxng-insecure.entrypoints: web
+      traefik.http.routers.searxng-insecure.service: searxng
+      traefik.http.routers.searxng-insecure.middlewares: searxng-web-redirect
+      # Websecure
       traefik.http.routers.searxng.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.searxng.entrypoints: websecure
       traefik.http.routers.searxng.service: searxng
       traefik.http.routers.searxng.tls.certresolver: myresolver
-      traefik.http.services.searxng.loadbalancer.server.port: 8080
+      # Local domain
+      traefik.http.routers.searxng-local-insecure.rule: Host(`searxng.${LOCAL_DOMAIN}`)
+      traefik.http.routers.searxng-local-insecure.entrypoints: web
+      traefik.http.routers.searxng-local-insecure.service: searxng
+      traefik.http.routers.searxng-local-insecure.middlewares: searxng-web-redirect
+      # Local domain secure
+      traefik.http.routers.searxng-local.rule: Host(`searxng.${LOCAL_DOMAIN}`)
+      traefik.http.routers.searxng-local.entrypoints: websecure
+      traefik.http.routers.searxng-local.service: searxng
+      traefik.http.routers.searxng-local.tls: true

apps/send/config.json

@@ -5,9 +5,11 @@
   "exposable": true,
   "port": 8126,
   "id": "send",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "latest",
-  "categories": ["utilities"],
+  "categories": [
+    "utilities"
+  ],
   "description": "A file sharing experiment which allows you to send encrypted files to other users.",
   "short_desc": "Simple, private file sharing. https://send.vis.ee/",
   "author": "timvisee",

apps/send/docker-compose.yml

@@ -25,12 +25,30 @@ services:
     depends_on:
       - send-redis
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.send-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.send.loadbalancer.server.port: 1443
+      # Web
+      traefik.http.routers.send-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.send-insecure.entrypoints: web
+      traefik.http.routers.send-insecure.service: send
+      traefik.http.routers.send-insecure.middlewares: send-web-redirect
+      # Websecure
       traefik.http.routers.send.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.send.entrypoints: websecure
       traefik.http.routers.send.service: send
       traefik.http.routers.send.tls.certresolver: myresolver
-      traefik.http.services.send.loadbalancer.server.port: 1443
+      # Local domain
+      traefik.http.routers.send-local-insecure.rule: Host(`send.${LOCAL_DOMAIN}`)
+      traefik.http.routers.send-local-insecure.entrypoints: web
+      traefik.http.routers.send-local-insecure.service: send
+      traefik.http.routers.send-local-insecure.middlewares: send-web-redirect
+      # Local domain secure
+      traefik.http.routers.send-local.rule: Host(`send.${LOCAL_DOMAIN}`)
+      traefik.http.routers.send-local.entrypoints: websecure
+      traefik.http.routers.send-local.service: send
+      traefik.http.routers.send-local.tls: true
   
   send-redis:
     image: redis:alpine

apps/simplex-smp/config.json

@@ -6,7 +6,7 @@
   "exposable": true,
   "no_gui": true,
   "id": "simplex-smp",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "5.1.1",
   "categories": [
     "social"

apps/simplex-smp/docker-compose.yml

@@ -14,9 +14,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
-      traefik.http.routers.simplex.rule: Host(`${APP_DOMAIN}`)
-      traefik.http.routers.simplex.entrypoints: websecure
-      traefik.http.routers.simplex.service: simplex
-      traefik.http.routers.simplex.tls.certresolver: myresolver
-      traefik.http.services.simplex.loadbalancer.server.port: 5223
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.simplex-smp-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.simplex-smp.loadbalancer.server.port: 5223
+      # Web
+      traefik.http.routers.simplex-smp-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.simplex-smp-insecure.entrypoints: web
+      traefik.http.routers.simplex-smp-insecure.service: simplex-smp
+      traefik.http.routers.simplex-smp-insecure.middlewares: simplex-smp-web-redirect
+      # Websecure
+      traefik.http.routers.simplex-smp.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.simplex-smp.entrypoints: websecure
+      traefik.http.routers.simplex-smp.service: simplex-smp
+      traefik.http.routers.simplex-smp.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.simplex-smp-local-insecure.rule: Host(`simplex-smp.${LOCAL_DOMAIN}`)
+      traefik.http.routers.simplex-smp-local-insecure.entrypoints: web
+      traefik.http.routers.simplex-smp-local-insecure.service: simplex-smp
+      traefik.http.routers.simplex-smp-local-insecure.middlewares: simplex-smp-web-redirect
+      # Local domain secure
+      traefik.http.routers.simplex-smp-local.rule: Host(`simplex-smp.${LOCAL_DOMAIN}`)
+      traefik.http.routers.simplex-smp-local.entrypoints: websecure
+      traefik.http.routers.simplex-smp-local.service: simplex-smp
+      traefik.http.routers.simplex-smp-local.tls: true

apps/sonarr/config.json

@@ -5,9 +5,12 @@
   "exposable": true,
   "port": 8098,
   "id": "sonarr",
-  "tipi_version": 4,
+  "tipi_version": 5,
   "version": "3.0.10",
-  "categories": ["media", "utilities"],
+  "categories": [
+    "media",
+    "utilities"
+  ],
   "description": "Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available.",
   "short_desc": "TV show manager for Usenet and BitTorrent",
   "author": "sonarr.tv",

apps/sonarr/docker-compose.yml

@@ -19,9 +19,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.sonarr-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.sonarr.loadbalancer.server.port: 8989
+      # Web
+      traefik.http.routers.sonarr-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.sonarr-insecure.entrypoints: web
+      traefik.http.routers.sonarr-insecure.service: sonarr
+      traefik.http.routers.sonarr-insecure.middlewares: sonarr-web-redirect
+      # Websecure
       traefik.http.routers.sonarr.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.sonarr.entrypoints: websecure
       traefik.http.routers.sonarr.service: sonarr
       traefik.http.routers.sonarr.tls.certresolver: myresolver
-      traefik.http.services.sonarr.loadbalancer.server.port: 8989
+      # Local domain
+      traefik.http.routers.sonarr-local-insecure.rule: Host(`sonarr.${LOCAL_DOMAIN}`)
+      traefik.http.routers.sonarr-local-insecure.entrypoints: web
+      traefik.http.routers.sonarr-local-insecure.service: sonarr
+      traefik.http.routers.sonarr-local-insecure.middlewares: sonarr-web-redirect
+      # Local domain secure
+      traefik.http.routers.sonarr-local.rule: Host(`sonarr.${LOCAL_DOMAIN}`)
+      traefik.http.routers.sonarr-local.entrypoints: websecure
+      traefik.http.routers.sonarr-local.service: sonarr
+      traefik.http.routers.sonarr-local.tls: true

apps/syncthing/config.json

@@ -5,7 +5,7 @@
   "exposable": true,
   "port": 8090,
   "id": "syncthing",
-  "tipi_version": 4,
+  "tipi_version": 5,
   "version": "1.23",
   "categories": [
     "data",

apps/syncthing/docker-compose.yml

@@ -20,9 +20,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.syncthing-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.syncthing.loadbalancer.server.port: 8384
+      # Web
+      traefik.http.routers.syncthing-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.syncthing-insecure.entrypoints: web
+      traefik.http.routers.syncthing-insecure.service: syncthing
+      traefik.http.routers.syncthing-insecure.middlewares: syncthing-web-redirect
+      # Websecure
       traefik.http.routers.syncthing.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.syncthing.entrypoints: websecure
       traefik.http.routers.syncthing.service: syncthing
       traefik.http.routers.syncthing.tls.certresolver: myresolver
-      traefik.http.services.syncthing.loadbalancer.server.port: 8384
+      # Local domain
+      traefik.http.routers.syncthing-local-insecure.rule: Host(`syncthing.${LOCAL_DOMAIN}`)
+      traefik.http.routers.syncthing-local-insecure.entrypoints: web
+      traefik.http.routers.syncthing-local-insecure.service: syncthing
+      traefik.http.routers.syncthing-local-insecure.middlewares: syncthing-web-redirect
+      # Local domain secure
+      traefik.http.routers.syncthing-local.rule: Host(`syncthing.${LOCAL_DOMAIN}`)
+      traefik.http.routers.syncthing-local.entrypoints: websecure
+      traefik.http.routers.syncthing-local.service: syncthing
+      traefik.http.routers.syncthing-local.tls: true

apps/tasks-md/config.json

@@ -5,7 +5,7 @@
   "available": true,
   "exposable": true,
   "id": "tasks-md",
-  "tipi_version": 4,
+  "tipi_version": 5,
   "version": "1.10.0",
   "categories": [
     "development"

apps/tasks-md/docker-compose.yml

@@ -15,9 +15,27 @@ services:
       - tipi_main_network
     restart: unless-stopped
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.tasks-md-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.tasks-md.loadbalancer.server.port: 8080
+      # Web
+      traefik.http.routers.tasks-md-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.tasks-md-insecure.entrypoints: web
+      traefik.http.routers.tasks-md-insecure.service: tasks-md
+      traefik.http.routers.tasks-md-insecure.middlewares: tasks-md-web-redirect
+      # Websecure
       traefik.http.routers.tasks-md.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.tasks-md.entrypoints: websecure
       traefik.http.routers.tasks-md.service: tasks-md
       traefik.http.routers.tasks-md.tls.certresolver: myresolver
-      traefik.http.services.tasks-md.loadbalancer.server.port: 8080
+      # Local domain
+      traefik.http.routers.tasks-md-local-insecure.rule: Host(`tasks-md.${LOCAL_DOMAIN}`)
+      traefik.http.routers.tasks-md-local-insecure.entrypoints: web
+      traefik.http.routers.tasks-md-local-insecure.service: tasks-md
+      traefik.http.routers.tasks-md-local-insecure.middlewares: tasks-md-web-redirect
+      # Local domain secure
+      traefik.http.routers.tasks-md-local.rule: Host(`tasks-md.${LOCAL_DOMAIN}`)
+      traefik.http.routers.tasks-md-local.entrypoints: websecure
+      traefik.http.routers.tasks-md-local.service: tasks-md
+      traefik.http.routers.tasks-md-local.tls: true

apps/tautulli/config.json

@@ -5,7 +5,7 @@
   "exposable": true,
   "port": 8181,
   "id": "tautulli",
-  "tipi_version": 7,
+  "tipi_version": 8,
   "version": "2.12.4",
   "categories": [
     "media",

apps/tautulli/docker-compose.yml

@@ -15,9 +15,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.tautulli-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.tautulli.loadbalancer.server.port: 8181
+      # Web
+      traefik.http.routers.tautulli-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.tautulli-insecure.entrypoints: web
+      traefik.http.routers.tautulli-insecure.service: tautulli
+      traefik.http.routers.tautulli-insecure.middlewares: tautulli-web-redirect
+      # Websecure
       traefik.http.routers.tautulli.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.tautulli.entrypoints: websecure
       traefik.http.routers.tautulli.service: tautulli
       traefik.http.routers.tautulli.tls.certresolver: myresolver
-      traefik.http.services.tautulli.loadbalancer.server.port: 8181
+      # Local domain
+      traefik.http.routers.tautulli-local-insecure.rule: Host(`tautulli.${LOCAL_DOMAIN}`)
+      traefik.http.routers.tautulli-local-insecure.entrypoints: web
+      traefik.http.routers.tautulli-local-insecure.service: tautulli
+      traefik.http.routers.tautulli-local-insecure.middlewares: tautulli-web-redirect
+      # Local domain secure
+      traefik.http.routers.tautulli-local.rule: Host(`tautulli.${LOCAL_DOMAIN}`)
+      traefik.http.routers.tautulli-local.entrypoints: websecure
+      traefik.http.routers.tautulli-local.service: tautulli
+      traefik.http.routers.tautulli-local.tls: true

apps/teddit/config.json

@@ -5,9 +5,11 @@
   "exposable": true,
   "port": 8124,
   "id": "teddit",
-  "tipi_version": 1,
+  "tipi_version": 2,
   "version": "latest",
-  "categories": ["social"],
+  "categories": [
+    "social"
+  ],
   "description": "A free and open source alternative Reddit front-end focused on privacy. Inspired by the Nitter project.",
   "short_desc": "Alternative Reddit front-end focused on privacy https://teddit.net",
   "author": "teddit",

apps/teddit/docker-compose.yml

@@ -23,12 +23,30 @@ services:
       interval: 1m
       timeout: 3s
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.teddit-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.teddit.loadbalancer.server.port: 8080
+      # Web
+      traefik.http.routers.teddit-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.teddit-insecure.entrypoints: web
+      traefik.http.routers.teddit-insecure.service: teddit
+      traefik.http.routers.teddit-insecure.middlewares: teddit-web-redirect
+      # Websecure
       traefik.http.routers.teddit.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.teddit.entrypoints: websecure
       traefik.http.routers.teddit.service: teddit
       traefik.http.routers.teddit.tls.certresolver: myresolver
-      traefik.http.services.teddit.loadbalancer.server.port: 8080
+      # Local domain
+      traefik.http.routers.teddit-local-insecure.rule: Host(`teddit.${LOCAL_DOMAIN}`)
+      traefik.http.routers.teddit-local-insecure.entrypoints: web
+      traefik.http.routers.teddit-local-insecure.service: teddit
+      traefik.http.routers.teddit-local-insecure.middlewares: teddit-web-redirect
+      # Local domain secure
+      traefik.http.routers.teddit-local.rule: Host(`teddit.${LOCAL_DOMAIN}`)
+      traefik.http.routers.teddit-local.entrypoints: websecure
+      traefik.http.routers.teddit-local.service: teddit
+      traefik.http.routers.teddit-local.tls: true
   
   teddit-redis:
     image: redis:alpine

apps/transmission/config.json

@@ -10,7 +10,7 @@
     ]
   },
   "id": "transmission",
-  "tipi_version": 6,
+  "tipi_version": 7,
   "version": "4.0.3",
   "categories": [
     "utilities"

apps/transmission/docker-compose.yml

@@ -26,9 +26,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.transmission-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.transmission.loadbalancer.server.port: 9091
+      # Web
+      traefik.http.routers.transmission-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.transmission-insecure.entrypoints: web
+      traefik.http.routers.transmission-insecure.service: transmission
+      traefik.http.routers.transmission-insecure.middlewares: transmission-web-redirect
+      # Websecure
       traefik.http.routers.transmission.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.transmission.entrypoints: websecure
       traefik.http.routers.transmission.service: transmission
       traefik.http.routers.transmission.tls.certresolver: myresolver
-      traefik.http.services.transmission.loadbalancer.server.port: 9091
+      # Local domain
+      traefik.http.routers.transmission-local-insecure.rule: Host(`transmission.${LOCAL_DOMAIN}`)
+      traefik.http.routers.transmission-local-insecure.entrypoints: web
+      traefik.http.routers.transmission-local-insecure.service: transmission
+      traefik.http.routers.transmission-local-insecure.middlewares: transmission-web-redirect
+      # Local domain secure
+      traefik.http.routers.transmission-local.rule: Host(`transmission.${LOCAL_DOMAIN}`)
+      traefik.http.routers.transmission-local.entrypoints: websecure
+      traefik.http.routers.transmission-local.service: transmission
+      traefik.http.routers.transmission-local.tls: true

apps/tubearchivist/config.json

@@ -5,10 +5,15 @@
   "exposable": true,
   "port": 8120,
   "id": "tubearchivist",
-  "tipi_version": 3,
+  "tipi_version": 4,
   "version": "latest",
-  "supported_architectures": ["amd64", "arm64"],
-  "categories": ["media"],
+  "supported_architectures": [
+    "amd64",
+    "arm64"
+  ],
+  "categories": [
+    "media"
+  ],
   "description": "Once your YouTube video collection grows, it becomes hard to search and find a specific video. That's where Tube Archivist comes in: By indexing your video collection with metadata from YouTube, you can organize, search and enjoy your archived YouTube videos without hassle offline through a convenient web interface.",
   "short_desc": "Your self-hosted YouTube media server",
   "author": "bbilly1",

apps/tubearchivist/docker-compose.yml

@@ -25,12 +25,30 @@ services:
     ports:
       - ${APP_PORT}:8000
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.tubearchivist-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.tubearchivist.loadbalancer.server.port: 8000
+      # Web
+      traefik.http.routers.tubearchivist-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.tubearchivist-insecure.entrypoints: web
+      traefik.http.routers.tubearchivist-insecure.service: tubearchivist
+      traefik.http.routers.tubearchivist-insecure.middlewares: tubearchivist-web-redirect
+      # Websecure
       traefik.http.routers.tubearchivist.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.tubearchivist.entrypoints: websecure
       traefik.http.routers.tubearchivist.service: tubearchivist
       traefik.http.routers.tubearchivist.tls.certresolver: myresolver
-      traefik.http.services.tubearchivist.loadbalancer.server.port: 8000
+      # Local domain
+      traefik.http.routers.tubearchivist-local-insecure.rule: Host(`tubearchivist.${LOCAL_DOMAIN}`)
+      traefik.http.routers.tubearchivist-local-insecure.entrypoints: web
+      traefik.http.routers.tubearchivist-local-insecure.service: tubearchivist
+      traefik.http.routers.tubearchivist-local-insecure.middlewares: tubearchivist-web-redirect
+      # Local domain secure
+      traefik.http.routers.tubearchivist-local.rule: Host(`tubearchivist.${LOCAL_DOMAIN}`)
+      traefik.http.routers.tubearchivist-local.entrypoints: websecure
+      traefik.http.routers.tubearchivist-local.service: tubearchivist
+      traefik.http.routers.tubearchivist-local.tls: true
 
   tubearchivist-redis:
     image: redislabs/rejson:latest

apps/umami/config.json

@@ -5,9 +5,11 @@
   "available": true,
   "exposable": true,
   "id": "umami",
-  "tipi_version": 1,
+  "tipi_version": 2,
   "version": "v1.40.0",
-  "categories": ["utilities"],
+  "categories": [
+    "utilities"
+  ],
   "description": "Umami is a simple, fast, privacy-focused alternative to Google Analytics.",
   "short_desc": "Umami is a simple, fast, privacy-focused alternative to Google Analytics.",
   "author": "umami-software",

apps/umami/docker-compose.yml

@@ -16,12 +16,30 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.umami-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.umami.loadbalancer.server.port: 3000
+      # Web
+      traefik.http.routers.umami-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.umami-insecure.entrypoints: web
+      traefik.http.routers.umami-insecure.service: umami
+      traefik.http.routers.umami-insecure.middlewares: umami-web-redirect
+      # Websecure
       traefik.http.routers.umami.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.umami.entrypoints: websecure
       traefik.http.routers.umami.service: umami
       traefik.http.routers.umami.tls.certresolver: myresolver
-      traefik.http.services.umami.loadbalancer.server.port: 3000
+      # Local domain
+      traefik.http.routers.umami-local-insecure.rule: Host(`umami.${LOCAL_DOMAIN}`)
+      traefik.http.routers.umami-local-insecure.entrypoints: web
+      traefik.http.routers.umami-local-insecure.service: umami
+      traefik.http.routers.umami-local-insecure.middlewares: umami-web-redirect
+      # Local domain secure
+      traefik.http.routers.umami-local.rule: Host(`umami.${LOCAL_DOMAIN}`)
+      traefik.http.routers.umami-local.entrypoints: websecure
+      traefik.http.routers.umami-local.service: umami
+      traefik.http.routers.umami-local.tls: true
 
   umami-db:
     container_name: umami-db

apps/uptime-kuma/config.json

@@ -5,9 +5,11 @@
   "exposable": true,
   "port": 8125,
   "id": "uptime-kuma",
-  "tipi_version": 1,
+  "tipi_version": 2,
   "version": "1",
-  "categories": ["utilities"],
+  "categories": [
+    "utilities"
+  ],
   "description": "It is a self-hosted monitoring tool like Uptime Robot.",
   "short_desc": "A fancy self-hosted monitoring tool.",
   "author": "louislam",

apps/uptime-kuma/docker-compose.yml

@@ -13,9 +13,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.uptime-kuma-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.uptime-kuma.loadbalancer.server.port: 3001
+      # Web
+      traefik.http.routers.uptime-kuma-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.uptime-kuma-insecure.entrypoints: web
+      traefik.http.routers.uptime-kuma-insecure.service: uptime-kuma
+      traefik.http.routers.uptime-kuma-insecure.middlewares: uptime-kuma-web-redirect
+      # Websecure
       traefik.http.routers.uptime-kuma.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.uptime-kuma.entrypoints: websecure
       traefik.http.routers.uptime-kuma.service: uptime-kuma
       traefik.http.routers.uptime-kuma.tls.certresolver: myresolver
-      traefik.http.services.uptime-kuma.loadbalancer.server.port: 3001
+      # Local domain
+      traefik.http.routers.uptime-kuma-local-insecure.rule: Host(`uptime-kuma.${LOCAL_DOMAIN}`)
+      traefik.http.routers.uptime-kuma-local-insecure.entrypoints: web
+      traefik.http.routers.uptime-kuma-local-insecure.service: uptime-kuma
+      traefik.http.routers.uptime-kuma-local-insecure.middlewares: uptime-kuma-web-redirect
+      # Local domain secure
+      traefik.http.routers.uptime-kuma-local.rule: Host(`uptime-kuma.${LOCAL_DOMAIN}`)
+      traefik.http.routers.uptime-kuma-local.entrypoints: websecure
+      traefik.http.routers.uptime-kuma-local.service: uptime-kuma
+      traefik.http.routers.uptime-kuma-local.tls: true

apps/vaultwarden/config.json

@@ -5,7 +5,7 @@
   "exposable": true,
   "port": 8107,
   "id": "vaultwarden",
-  "tipi_version": 5,
+  "tipi_version": 6,
   "version": "1.28.1",
   "categories": [
     "utilities"

apps/vaultwarden/docker-compose.yml

@@ -15,9 +15,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.vaultwarden-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.vaultwarden.loadbalancer.server.port: 80
+      # Web
+      traefik.http.routers.vaultwarden-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.vaultwarden-insecure.entrypoints: web
+      traefik.http.routers.vaultwarden-insecure.service: vaultwarden
+      traefik.http.routers.vaultwarden-insecure.middlewares: vaultwarden-web-redirect
+      # Websecure
       traefik.http.routers.vaultwarden.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.vaultwarden.entrypoints: websecure
       traefik.http.routers.vaultwarden.service: vaultwarden
       traefik.http.routers.vaultwarden.tls.certresolver: myresolver
-      traefik.http.services.vaultwarden.loadbalancer.server.port: 80
+      # Local domain
+      traefik.http.routers.vaultwarden-local-insecure.rule: Host(`vaultwarden.${LOCAL_DOMAIN}`)
+      traefik.http.routers.vaultwarden-local-insecure.entrypoints: web
+      traefik.http.routers.vaultwarden-local-insecure.service: vaultwarden
+      traefik.http.routers.vaultwarden-local-insecure.middlewares: vaultwarden-web-redirect
+      # Local domain secure
+      traefik.http.routers.vaultwarden-local.rule: Host(`vaultwarden.${LOCAL_DOMAIN}`)
+      traefik.http.routers.vaultwarden-local.entrypoints: websecure
+      traefik.http.routers.vaultwarden-local.service: vaultwarden
+      traefik.http.routers.vaultwarden-local.tls: true

apps/vikunja/config.json

@@ -5,7 +5,7 @@
   "exposable": true,
   "port": 8135,
   "id": "vikunja",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "0.20.5",
   "categories": [
     "utilities"

apps/vikunja/docker-compose.yml

@@ -60,9 +60,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.vikunja-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.vikunja.loadbalancer.server.port: 80
+      # Web
+      traefik.http.routers.vikunja-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.vikunja-insecure.entrypoints: web
+      traefik.http.routers.vikunja-insecure.service: vikunja
+      traefik.http.routers.vikunja-insecure.middlewares: vikunja-web-redirect
+      # Websecure
       traefik.http.routers.vikunja.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.vikunja.entrypoints: websecure
       traefik.http.routers.vikunja.service: vikunja
       traefik.http.routers.vikunja.tls.certresolver: myresolver
-      traefik.http.services.vikunja.loadbalancer.server.port: 80
+      # Local domain
+      traefik.http.routers.vikunja-local-insecure.rule: Host(`vikunja.${LOCAL_DOMAIN}`)
+      traefik.http.routers.vikunja-local-insecure.entrypoints: web
+      traefik.http.routers.vikunja-local-insecure.service: vikunja
+      traefik.http.routers.vikunja-local-insecure.middlewares: vikunja-web-redirect
+      # Local domain secure
+      traefik.http.routers.vikunja-local.rule: Host(`vikunja.${LOCAL_DOMAIN}`)
+      traefik.http.routers.vikunja-local.entrypoints: websecure
+      traefik.http.routers.vikunja-local.service: vikunja
+      traefik.http.routers.vikunja-local.tls: true

apps/wg-easy/config.json

@@ -5,12 +5,16 @@
   "exposable": true,
   "port": 8082,
   "requirements": {
-    "ports": [51820]
+    "ports": [
+      51820
+    ]
   },
   "id": "wg-easy",
-  "tipi_version": 4,
+  "tipi_version": 5,
   "version": "7",
-  "categories": ["network"],
+  "categories": [
+    "network"
+  ],
   "description": "Access your homeserver from anywhere even on your mobile device. Wireguard-easy is a simple tool to configure and manage Wireguard VPN servers. It is written in Go and uses the official Wireguard client. You have to open and redirect port 51820 to your homeserver in order to connect.",
   "short_desc": "VPN server for your homeserver",
   "author": "WeeJeWel",

apps/wg-easy/docker-compose.yml

@@ -23,9 +23,27 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.wg-easy-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.wg-easy.loadbalancer.server.port: 51821
+      # Web
+      traefik.http.routers.wg-easy-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.wg-easy-insecure.entrypoints: web
+      traefik.http.routers.wg-easy-insecure.service: wg-easy
+      traefik.http.routers.wg-easy-insecure.middlewares: wg-easy-web-redirect
+      # Websecure
       traefik.http.routers.wg-easy.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.wg-easy.entrypoints: websecure
       traefik.http.routers.wg-easy.service: wg-easy
       traefik.http.routers.wg-easy.tls.certresolver: myresolver
-      traefik.http.services.wg-easy.loadbalancer.server.port: 51821
+      # Local domain
+      traefik.http.routers.wg-easy-local-insecure.rule: Host(`wg-easy.${LOCAL_DOMAIN}`)
+      traefik.http.routers.wg-easy-local-insecure.entrypoints: web
+      traefik.http.routers.wg-easy-local-insecure.service: wg-easy
+      traefik.http.routers.wg-easy-local-insecure.middlewares: wg-easy-web-redirect
+      # Local domain secure
+      traefik.http.routers.wg-easy-local.rule: Host(`wg-easy.${LOCAL_DOMAIN}`)
+      traefik.http.routers.wg-easy-local.entrypoints: websecure
+      traefik.http.routers.wg-easy-local.service: wg-easy
+      traefik.http.routers.wg-easy-local.tls: true

apps/wikijs/config.json

@@ -5,7 +5,7 @@
   "available": true,
   "exposable": true,
   "id": "wikijs",
-  "tipi_version": 3,
+  "tipi_version": 4,
   "version": "2.5.299",
   "categories": [
     "media"

apps/wikijs/docker-compose.yml

@@ -19,12 +19,30 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.wikijs-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.wikijs.loadbalancer.server.port: 3000
+      # Web
+      traefik.http.routers.wikijs-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.wikijs-insecure.entrypoints: web
+      traefik.http.routers.wikijs-insecure.service: wikijs
+      traefik.http.routers.wikijs-insecure.middlewares: wikijs-web-redirect
+      # Websecure
       traefik.http.routers.wikijs.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.wikijs.entrypoints: websecure
       traefik.http.routers.wikijs.service: wikijs
       traefik.http.routers.wikijs.tls.certresolver: myresolver
-      traefik.http.services.wikijs.loadbalancer.server.port: 3000
+      # Local domain
+      traefik.http.routers.wikijs-local-insecure.rule: Host(`wikijs.${LOCAL_DOMAIN}`)
+      traefik.http.routers.wikijs-local-insecure.entrypoints: web
+      traefik.http.routers.wikijs-local-insecure.service: wikijs
+      traefik.http.routers.wikijs-local-insecure.middlewares: wikijs-web-redirect
+      # Local domain secure
+      traefik.http.routers.wikijs-local.rule: Host(`wikijs.${LOCAL_DOMAIN}`)
+      traefik.http.routers.wikijs-local.entrypoints: websecure
+      traefik.http.routers.wikijs-local.service: wikijs
+      traefik.http.routers.wikijs-local.tls: true
 
   wikijs-db:
     container_name: wikijs-db

apps/wizarr/config.json

@@ -5,7 +5,7 @@
   "available": true,
   "exposable": true,
   "id": "wizarr",
-  "tipi_version": 4,
+  "tipi_version": 5,
   "version": "2.2.0",
   "categories": [
     "utilities"

apps/wizarr/docker-compose.yml

@@ -15,11 +15,29 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.wizarr-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.wizarr.loadbalancer.server.port: 5690
+      # Web
+      traefik.http.routers.wizarr-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.wizarr-insecure.entrypoints: web
+      traefik.http.routers.wizarr-insecure.service: wizarr
+      traefik.http.routers.wizarr-insecure.middlewares: wizarr-web-redirect
+      # Websecure
       traefik.http.routers.wizarr.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.wizarr.entrypoints: websecure
       traefik.http.routers.wizarr.service: wizarr
       traefik.http.routers.wizarr.tls.certresolver: myresolver
-      traefik.http.services.wizarr.loadbalancer.server.port: 5690
+      # Local domain
+      traefik.http.routers.wizarr-local-insecure.rule: Host(`wizarr.${LOCAL_DOMAIN}`)
+      traefik.http.routers.wizarr-local-insecure.entrypoints: web
+      traefik.http.routers.wizarr-local-insecure.service: wizarr
+      traefik.http.routers.wizarr-local-insecure.middlewares: wizarr-web-redirect
+      # Local domain secure
+      traefik.http.routers.wizarr-local.rule: Host(`wizarr.${LOCAL_DOMAIN}`)
+      traefik.http.routers.wizarr-local.entrypoints: websecure
+      traefik.http.routers.wizarr-local.service: wizarr
+      traefik.http.routers.wizarr-local.tls: true
 
 

apps/your-spotify/config.json

@@ -5,9 +5,12 @@
   "exposable": true,
   "port": 8103,
   "id": "your-spotify",
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "latest",
-  "categories": ["music", "utilities"],
+  "categories": [
+    "music",
+    "utilities"
+  ],
   "description": "Self hosted Spotify tracking dashboard.",
   "short_desc": "Self hosted Spotify tracking dashboard.",
   "author": "Yooooomi",

apps/your-spotify/docker-compose.yml

@@ -14,12 +14,30 @@ services:
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.your-spotify-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.your-spotify.loadbalancer.server.port: 3000
+      # Web
+      traefik.http.routers.your-spotify-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.your-spotify-insecure.entrypoints: web
+      traefik.http.routers.your-spotify-insecure.service: your-spotify
+      traefik.http.routers.your-spotify-insecure.middlewares: your-spotify-web-redirect
+      # Websecure
       traefik.http.routers.your-spotify.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.your-spotify.entrypoints: websecure
       traefik.http.routers.your-spotify.service: your-spotify
       traefik.http.routers.your-spotify.tls.certresolver: myresolver
-      traefik.http.services.your-spotify.loadbalancer.server.port: 3000
+      # Local domain
+      traefik.http.routers.your-spotify-local-insecure.rule: Host(`your-spotify.${LOCAL_DOMAIN}`)
+      traefik.http.routers.your-spotify-local-insecure.entrypoints: web
+      traefik.http.routers.your-spotify-local-insecure.service: your-spotify
+      traefik.http.routers.your-spotify-local-insecure.middlewares: your-spotify-web-redirect
+      # Local domain secure
+      traefik.http.routers.your-spotify-local.rule: Host(`your-spotify.${LOCAL_DOMAIN}`)
+      traefik.http.routers.your-spotify-local.entrypoints: websecure
+      traefik.http.routers.your-spotify-local.service: your-spotify
+      traefik.http.routers.your-spotify-local.tls: true
       
   your-spotify-server:
     container_name: your-spotify-server