From c166710b961156917b7926f10c25a8b047ea19a5 Mon Sep 17 00:00:00 2001 From: ravitejalam Date: Sat, 4 Apr 2026 12:33:57 +0530 Subject: [PATCH 1/5] Immich redis version fix --- services/immich/compose.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/services/immich/compose.yaml b/services/immich/compose.yaml index 40b61790..4a72d2f0 100644 --- a/services/immich/compose.yaml +++ b/services/immich/compose.yaml @@ -8,8 +8,8 @@ configs: "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} services: -# Make sure you have updated/checked the .env file with the correct variables. -# All the ${ xx } need to be defined there. + # Make sure you have updated/checked the .env file with the correct variables. + # All the ${ xx } need to be defined there. # Tailscale Sidecar Configuration tailscale: image: tailscale/tailscale:latest # Image to be used @@ -20,8 +20,8 @@ services: - TS_STATE_DIR=/var/lib/tailscale - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required - TS_USERSPACE=false - - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" - - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint + - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" + - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS - TS_AUTH_ONCE=true configs: @@ -37,7 +37,7 @@ services: #ports: # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below - #dns: + #dns: # - ${DNS_SERVER} healthcheck: test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational 
@@ -92,19 +92,19 @@ services: redis: container_name: app-${SERVICE}-redis - image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177 + image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6 healthcheck: test: redis-cli ping || exit 1 restart: always database: container_name: app-${SERVICE}-postgres - image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0 + image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23 environment: POSTGRES_PASSWORD: ${DB_PASSWORD} POSTGRES_USER: ${DB_USERNAME} POSTGRES_DB: ${DB_DATABASE_NAME} - POSTGRES_INITDB_ARGS: '--data-checksums' + POSTGRES_INITDB_ARGS: "--data-checksums" # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs # DB_STORAGE_TYPE: 'HDD' volumes: From 4e7056a96964ce498686354c3cf84d81a495f119 Mon Sep 17 00:00:00 2001 From: ravitejalam Date: Mon, 6 Apr 2026 16:29:55 +0530 Subject: [PATCH 2/5] Added Flaresolverr --- services/flaresolverr/.env | 16 ++++++++ services/flaresolverr/README.md | 11 +++++ services/flaresolverr/compose.yaml | 65 ++++++++++++++++++++++++++++++ 3 files changed, 92 insertions(+) create mode 100644 services/flaresolverr/.env create mode 100644 services/flaresolverr/README.md create mode 100644 services/flaresolverr/compose.yaml diff --git a/services/flaresolverr/.env b/services/flaresolverr/.env new file mode 100644 index 00000000..6f0c33bd --- /dev/null +++ b/services/flaresolverr/.env @@ -0,0 +1,16 @@ +#version=1.1 +#URL=https://github.com/tailscale-dev/ScaleTail +#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. + +# Service Configuration +SERVICE=flaresolverr + +# Network Configuration +SERVICEPORT=8191 +DNS_SERVER=9.9.9.9 + +# Tailscale Configuration +TS_AUTHKEY= + +# Optional Service variables +# PUID=1000 
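Review bot: `TS_AUTHKEY=` in the new `services/flaresolverr/.env` carries no guidance, and the file is tracked in the repository, so a user who fills in a real key and commits their copy publishes a credential that can enrol devices in their tailnet. I would add a comment above it, for example `# One-off, tagged auth key; never commit a filled-in value`. The compose.yaml added in the same patch sets `TS_AUTH_ONCE=true` and persists `./ts/state`, so the key is presumably only needed for the first login and can be cleared afterwards; the comment could say that too.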
diff --git a/services/flaresolverr/README.md b/services/flaresolverr/README.md
new file mode 100644
index 00000000..cfa40be0
--- /dev/null
+++ b/services/flaresolverr/README.md
@@ -0,0 +1,11 @@
+# FlareSolverr with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up FlareSolverr with Tailscale as a sidecar container to securely manage and route traffic for your Cloudflare bypass proxy over a private Tailscale network. By using Tailscale in a sidecar configuration, you can enhance the security of your FlareSolverr instance, ensuring that its API is only accessible within your Tailscale network.
+
+## FlareSolverr
+
+FlareSolverr is an open-source proxy server to bypass Cloudflare and other anti-bot protections. It acts as a transparent bridge between your media automation tools (like Prowlarr or Jackett) and indexers that use Cloudflare, silently solving browser challenges in the background. This configuration leverages Tailscale to securely connect to your FlareSolverr API, ensuring that the proxy endpoint is protected from unauthorized access and that your instance is only accessible via your private Tailscale network.
+
+## Configuration Overview
+
+In this setup, the tailscale-flaresolverr service runs Tailscale, which manages secure networking for the FlareSolverr service. The flaresolverr service uses the Tailscale network stack via Docker's network_mode: service: configuration. This setup ensures that FlareSolverrโ€™s API (typically running on port 8191) is only accessible through the Tailscale network (or locally, if preferred), providing an extra layer of security and privacy for your self-hosted anti-bot proxy.
diff --git a/services/flaresolverr/compose.yaml b/services/flaresolverr/compose.yaml
new file mode 100644
index 00000000..cb8772a8
--- /dev/null
+++ b/services/flaresolverr/compose.yaml
@@ -0,0 +1,65 @@
+configs:
+ ts-serve:
+ content: |
+ {"TCP":{"443":{"HTTPS":true}},
+ "Web":{"$${TS_CERT_DOMAIN}:443":
+ {"Handlers":{"/":
+ {"Proxy":"http://127.0.0.1:8191"}}}},
+ "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
+
+services:
+ # Make sure you have updated/checked the .env file with the correct variables.
+ # All the ${ xx } need to be defined there.
+ # Tailscale Sidecar Configuration
+ tailscale:
+ image: tailscale/tailscale:latest # Image to be used
+ container_name: tailscale-${SERVICE} # Name for local container management
+ hostname: ${SERVICE} # Name used within your Tailscale environment
+ environment:
+ - TS_AUTHKEY=${TS_AUTHKEY}
+ - TS_STATE_DIR=/var/lib/tailscale
+ - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+ - TS_USERSPACE=false
+ - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
+ - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint
+ #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+ - TS_AUTH_ONCE=true
+ configs:
+ - source: ts-serve
+ target: /config/serve.json
+ volumes:
+ - ./config:/config # Config folder used to store Tailscale files - you may need to change the path
+ - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+ devices:
+ - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+ cap_add:
+ - net_admin # Tailscale requirement
+ #ports:
+ # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+ # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+ #dns:
+ # - ${DNS_SERVER}
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+ interval: 1m # How often to perform the check
+ timeout: 
10s # Time to wait for the check to succeed
+ retries: 3 # Number of retries before marking as unhealthy
+ start_period: 10s # Time to wait before starting health checks
+ restart: always
+
+ # ${SERVICE}
+ application:
+ image: ghcr.io/flaresolverr/flaresolverr:latest
+ network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+ container_name: app-${SERVICE}-server # Name for local container management
+ environment:
+ - LOG_LEVEL=${LOG_LEVEL:-info}
+ - LOG_FILE=${LOG_FILE:-none}
+ - LOG_HTML=${LOG_HTML:-false}
+ - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
+ - TZ=Asia/Kolkata
+ # ports:
+ # - "8191:8191"
+ volumes:
+ - /var/lib/flaresolver:/config
+ restart: unless-stopped
From 7cfc6f2eea368f2067a73e80c09fc90a5391ae0a Mon Sep 17 00:00:00 2001
From: ravitejalam
Date: Mon, 6 Apr 2026 17:45:53 +0530
Subject: [PATCH 3/5] Flaresolverr added
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 7644830d..3fdca755 100644
--- a/README.md
+++ b/README.md
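Review bot: The `ts-serve` config proxies `/` on port 443 straight to `http://127.0.0.1:8191` with nothing in front of it, so every user and device on the tailnet can call the FlareSolverr API. As far as I know that API has no authentication of its own, and it fetches caller-supplied URLs from inside this container. `AllowFunnel` being `false` keeps it off the public internet, but the tailnet is then the only access boundary. I would say so next to `TS_SERVE_CONFIG`, e.g. `# FlareSolverr has no API auth: limit access to this node with a tailnet ACL/grant for the hosts running Prowlarr/Jackett`, and repeat it in the service README.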
@@ -75,6 +75,7 @@ ScaleTail provides ready-to-run [Docker Compose](https://docs.docker.com/compose | ๐Ÿ”„ **AdGuardHome Sync** | A tool for syncing configuration across multiple AdGuard Home instances. | [Details](services/adguardhome-sync) | | ๐ŸŒ **Caddy** | Caddy is an extensible server platform that uses TLS by default. | [Details](services/caddy) | | ๐ŸŒ **DDNS Updater** | A self-hosted solution to keep DNS A/AAAA records updated automatically. | [Details](services/ddns-updater) | +| ๐ŸŒ **Flaresolverr** | A proxy server to bypass Cloudflare and DDoS-GUARD protection. | [Details](services/flaresolverr) | | ๐Ÿ” **Nessus** | A powerful vulnerability scanner with a free Essentials model for home use. | [Details](services/nessus) | | ๐Ÿ—ƒ๏ธ **Netbox** | NetBox is the leading solution for modeling and documenting modern networks. | [Details](services/netbox) | | ๐Ÿงฉ **Pi-hole** | A network-level ad blocker that acts as a DNS sinkhole. | [Details](services/pihole) | From 2c728e581e1638ad8453b477746c533e946e4293 Mon Sep 17 00:00:00 2001 From: ravitejalam Date: Tue, 7 Apr 2026 09:18:24 +0530 Subject: [PATCH 4/5] Flaresolverr updated --- services/flaresolverr/.env | 1 + services/flaresolverr/compose.yaml | 8 ++------ 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/services/flaresolverr/.env b/services/flaresolverr/.env index 6f0c33bd..932bfbb2 100644 --- a/services/flaresolverr/.env +++ b/services/flaresolverr/.env @@ -4,6 +4,7 @@ # Service Configuration SERVICE=flaresolverr +IMAGE_URL=ghcr.io/flaresolverr/flaresolverr:latest # Network Configuration SERVICEPORT=8191 diff --git a/services/flaresolverr/compose.yaml b/services/flaresolverr/compose.yaml index cb8772a8..e89e1ae2 100644 --- a/services/flaresolverr/compose.yaml +++ b/services/flaresolverr/compose.yaml 
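Review bot: `IMAGE_URL=ghcr.io/flaresolverr/flaresolverr:latest` moves the image reference into `.env` but keeps the floating `latest` tag, so each pull can bring in a different, unreviewed image. The same applies to `tailscale/tailscale:latest` in the compose.yaml added in PATCH 2/5, where the sidecar holds `net_admin` and the node's tailnet identity. PATCH 1/5 of this series already pins the Immich Valkey and Postgres images by digest, and these two deserve the same treatment. I would pin both to a released version plus digest, in the form `IMAGE_URL=ghcr.io/flaresolverr/flaresolverr:<version>@sha256:<digest>` (placeholders to be filled in from the registry), and let an update bot raise the bumps.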
@@ -49,7 +49,7 @@ services: # ${SERVICE} application: - image: ghcr.io/flaresolverr/flaresolverr:latest + image: ${IMAGE_URL} # Image to be used network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale container_name: app-${SERVICE}-server # Name for local container management environment: @@ -57,9 +57,5 @@ services: - LOG_FILE=${LOG_FILE:-none} - LOG_HTML=${LOG_HTML:-false} - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none} - - TZ=Asia/Kolkata - # ports: - # - "8191:8191" - volumes: - - /var/lib/flaresolver:/config + - TZ=Europe/Amsterdam restart: unless-stopped From 31ea911fc6493b671134b2640d3493d8ef173c22 Mon Sep 17 00:00:00 2001 From: ravitejalam Date: Wed, 8 Apr 2026 23:57:45 +0530 Subject: [PATCH 5/5] Immich Update --- services/immich/compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/immich/compose.yaml b/services/immich/compose.yaml index 4a72d2f0..fc2ca9fb 100644 --- a/services/immich/compose.yaml +++ b/services/immich/compose.yaml @@ -57,7 +57,7 @@ services: # service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding volumes: # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file - - ./${SERVICE}-data/upload:/usr/src/app/upload + - ./${SERVICE}-data/upload:/data - /etc/localtime:/etc/localtime:ro env_file: - .env @@ -92,7 +92,7 @@ services: redis: container_name: app-${SERVICE}-redis - image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6 + image: docker.io/valkey/valkey:9@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 healthcheck: test: redis-cli ping || exit 1 restart: always
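Review bot: `image: ${IMAGE_URL}` has no fallback, so a deployment whose `.env` predates this commit or omits the variable interpolates an empty image name and fails with an unhelpful error. The required-variable form makes the cause explicit: `image: ${IMAGE_URL:?set IMAGE_URL in .env}`. As a style point, `TZ=Europe/Amsterdam` is hard-coded, while the neighbouring lines use the `${LOG_LEVEL:-info}` pattern; `- TZ=${TZ:-Europe/Amsterdam}` would match them. The `application` service begins above the hunk.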
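Review bot: The new mount target `/data` in the `-57,7` hunk of services/immich/compose.yaml is, as far as I know, only the media root of recent Immich releases. The server image tag is outside the hunk, so I cannot confirm that the two match. If the server in use still expects `/usr/src/app/upload`, uploads would land in the container's writable layer and disappear when the container is recreated. I would add a comment on the line, e.g. `# /data is the media root of current Immich releases; older ones use /usr/src/app/upload`. The context comment above still refers to `UPLOAD_LOCATION`, which this mount does not use.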