Added Flaresolverr

README.md

@@ -82,6 +82,7 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
 | 🔄 **AdGuardHome Sync**    | A tool for syncing configuration across multiple AdGuard Home instances.        | [Details](services/adguardhome-sync)    |
 | 🌐 **Caddy**               | Caddy is an extensible server platform that uses TLS by default.                | [Details](services/caddy)               |
 | 🌐 **DDNS Updater**        | A self-hosted solution to keep DNS A/AAAA records updated automatically.        | [Details](services/ddns-updater)        |
+| 🌐 **Flaresolverr**        | A proxy server to bypass Cloudflare and DDoS-GUARD protection.                  | [Details](services/flaresolverr)        |
 | 🔍 **Nessus**              | A powerful vulnerability scanner with a free Essentials model for home use.     | [Details](services/nessus)              |
 | 🗃️ **Netbox**              | NetBox is the leading solution for modeling and documenting modern networks.    | [Details](services/netbox)              |
 | 🧩 **Pi-hole**             | A network-level ad blocker that acts as a DNS sinkhole.                         | [Details](services/pihole)              |

services/flaresolverr/.env

@@ -0,0 +1,17 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE=flaresolverr
+IMAGE_URL=ghcr.io/flaresolverr/flaresolverr:latest
+
+# Network Configuration
+SERVICEPORT=8191
+DNS_SERVER=9.9.9.9
+
+# Tailscale Configuration
+TS_AUTHKEY=
+
+# Optional Service variables
+# PUID=1000

services/flaresolverr/README.md

@@ -0,0 +1,11 @@
+# FlareSolverr with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up FlareSolverr with Tailscale as a sidecar container to securely manage and route traffic for your Cloudflare bypass proxy over a private Tailscale network. By using Tailscale in a sidecar configuration, you can enhance the security of your FlareSolverr instance, ensuring that its API is only accessible within your Tailscale network.
+
+## FlareSolverr
+
+FlareSolverr is an open-source proxy server to bypass Cloudflare and other anti-bot protections. It acts as a transparent bridge between your media automation tools (like Prowlarr or Jackett) and indexers that use Cloudflare, silently solving browser challenges in the background. This configuration leverages Tailscale to securely connect to your FlareSolverr API, ensuring that the proxy endpoint is protected from unauthorized access and that your instance is only accessible via your private Tailscale network.
+
+## Configuration Overview
+
+In this setup, the tailscale-flaresolverr service runs Tailscale, which manages secure networking for the FlareSolverr service. The flaresolverr service uses the Tailscale network stack via Docker's network_mode: service: configuration. This setup ensures that FlareSolverr’s API (typically running on port 8191) is only accessible through the Tailscale network (or locally, if preferred), providing an extra layer of security and privacy for your self-hosted anti-bot proxy.

services/flaresolverr/compose.yaml

@@ -0,0 +1,61 @@
+configs:
+  ts-serve:
+    content: |
+      {"TCP":{"443":{"HTTPS":true}},
+      "Web":{"$${TS_CERT_DOMAIN}:443":
+          {"Handlers":{"/":
+          {"Proxy":"http://127.0.0.1:8191"}}}},
+      "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
+
+services:
+  # Make sure you have updated/checked the .env file with the correct variables.
+  # All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  tailscale:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: tailscale-${SERVICE} # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+      - TS_USERSPACE=false
+      - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
+      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The <addr>:<port> for the healthz endpoint
+      #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+      - TS_AUTH_ONCE=true
+    configs:
+      - source: ts-serve
+        target: /config/serve.json
+    volumes:
+      - ./config:/config # Config folder used to store Tailscale files - you may need to change the path
+      - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+    devices:
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    cap_add:
+      - net_admin # Tailscale requirement
+    #ports:
+    #  - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+    #dns:
+    #  - ${DNS_SERVER}
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always
+
+  # ${SERVICE}
+  application:
+    image: ${IMAGE_URL} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: app-${SERVICE}-server # Name for local container management
+    environment:
+      - LOG_LEVEL=${LOG_LEVEL:-info}
+      - LOG_FILE=${LOG_FILE:-none}
+      - LOG_HTML=${LOG_HTML:-false}
+      - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
+      - TZ=Europe/Amsterdam
+    restart: unless-stopped