xcad 2 сар өмнө
parent
commit
4fb66e0585

+ 12 - 27
library/compose/adguardhome/compose.yaml.j2

@@ -20,19 +20,20 @@ services:
     {#
       Port mappings (only in bridge mode or default network):
       - HTTP/HTTPS (80/443) ports are only exposed when Traefik is disabled
-      - Initial setup port 3000 is exposed during first-time setup
+      - Initial setup port 3000 is exposed during first-time setup (when not using Traefik)
       - DNS and related ports (53, 853, 5443) are always exposed
       - In host or macvlan mode, ports are bound directly to host network
+      Note: When using Traefik, access initial setup via container IP:3000 before DNS is configured
     #}
-    {% if network_mode == '' or network_mode == 'bridge' or traefik_enabled %}
+    {% if not network_mode or network_mode == 'bridge' or traefik_enabled %}
     ports:
       {% if not traefik_enabled %}
       - "{{ ports_http }}:80/tcp"
       - "{{ ports_https }}:443/tcp"
+      {% endif %}
       {% if initial_setup %}
       - "{{ ports_initial }}:3000/tcp"
       {% endif %}
-      {% endif %}
       - "{{ ports_https }}:443/udp"
       - "{{ ports_dns }}:53/tcp"
       - "{{ ports_dns }}:53/udp"
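Review bot: The `{% if initial_setup %}` block now sits outside the `{% if not traefik_enabled %}` guard, so `{{ ports_initial }}:3000/tcp` is published on the host whenever `initial_setup` is true, including when Traefik is enabled. That contradicts the comment added in this same hunk ("when not using Traefik") and the `needs: ["traefik_enabled=false", "initial_setup=true"]` constraint on `ports_initial` in template.yaml. Because `initial_setup` defaults to `true`, the plain-HTTP setup wizard ends up on a host port by default in Traefik deployments, where the documentation says it is reachable only via the container IP. If the documented behaviour is the intended one, gate the mapping explicitly with `{% if initial_setup and not traefik_enabled %}`. The `ports:` list continues past the end of this hunk.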
@@ -57,28 +58,15 @@ services:
       - traefik.enable=true
       - traefik.docker.network={{ traefik_network }}
       - traefik.http.services.{{ service_name }}_web.loadBalancer.server.port=80
-      - traefik.http.routers.{{ service_name }}_http.service={{ service_name }}_web
-      - traefik.http.routers.{{ service_name }}_http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}_http.entrypoints=web
+      - traefik.http.routers.{{ service_name }}_web_http.service={{ service_name }}_web
+      - traefik.http.routers.{{ service_name }}_web_http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
+      - traefik.http.routers.{{ service_name }}_web_http.entrypoints=web
       {% if traefik_tls_enabled %}
-      - traefik.http.routers.{{ service_name }}_https.service={{ service_name }}_web
-      - traefik.http.routers.{{ service_name }}_https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}_https.entrypoints=websecure
-      - traefik.http.routers.{{ service_name }}_https.tls=true
-      - traefik.http.routers.{{ service_name }}_https.tls.certresolver={{ traefik_tls_certresolver }}
-      {% endif %}
-      {#
-        Initial setup routing (port 3000):
-        Routes setup wizard through separate Traefik service.
-        Note: Setup wizard is available at http://<host>.<domain>/setup during initial configuration.
-      #}
-      {% if initial_setup %}
-      - traefik.http.services.{{ service_name }}_setup.loadBalancer.server.port=3000
-      - traefik.http.routers.{{ service_name }}_setup.service={{ service_name }}_setup
-      - traefik.http.routers.{{ service_name }}_setup.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`) && PathPrefix(`/setup`)
-      - traefik.http.routers.{{ service_name }}_setup.entrypoints=web
-      - traefik.http.middlewares.{{ service_name }}_setup-strip.stripprefix.prefixes=/setup
-      - traefik.http.routers.{{ service_name }}_setup.middlewares={{ service_name }}_setup-strip
+      - traefik.http.routers.{{ service_name }}_web_https.service={{ service_name }}_web
+      - traefik.http.routers.{{ service_name }}_web_https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
+      - traefik.http.routers.{{ service_name }}_web_https.entrypoints=websecure
+      - traefik.http.routers.{{ service_name }}_web_https.tls=true
+      - traefik.http.routers.{{ service_name }}_web_https.tls.certresolver={{ traefik_tls_certresolver }}
       {% endif %}
     {% endif %}
 
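Review bot: The `{{ service_name }}_web_http` router still serves the admin interface on the `web` entrypoint when `traefik_tls_enabled` is true, so the admin login can travel in cleartext. This holds unless the entrypoint itself redirects to HTTPS, which is not visible from this template. Inside the `{% if traefik_tls_enabled %}` block, consider adding `- traefik.http.middlewares.{{ service_name }}_web_redirect.redirectscheme.scheme=https` and `- traefik.http.routers.{{ service_name }}_web_http.middlewares={{ service_name }}_web_redirect`. The labels list starts above this hunk.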
@@ -108,9 +96,6 @@ networks:
         - subnet: {{ network_macvlan_subnet }}
           gateway: {{ network_macvlan_gateway }}
     name: {{ network_name }}
-    {% elif swarm_enabled %}
-    driver: overlay
-    attachable: true
     {% else %}
     driver: bridge
     {% endif %}

+ 18 - 19
library/compose/adguardhome/template.yaml

@@ -8,8 +8,10 @@ metadata:
     It features advanced DNS filtering, parental controls, safe browsing, and HTTPS/DNS-over-TLS/DNS-over-QUIC support.
     ## Prerequisites
     - :info: During the initial setup, AdGuard Home runs an HTTP server on port 3000 to guide you through configuration.
-    After completing the setup, AdGuard Home switches to the configured HTTP port, and port, consider re-deploying the
-    service with `initial_setup=false`.
+    **With Traefik enabled:** Access initial setup via container IP at `http://<container-ip>:3000`.
+    After setup completes, access the admin interface via the configured domain.
+    - :warning: **Security Notice:** The initial setup on port 3000 uses an unencrypted HTTP connection.
+    Only use this for initial configuration and disable it (`initial_setup=false`) after setup is complete.
     - :warning: If you require DHCP functionality or want AdGuard Home to bind directly to port 53,
     you must set `network_mode` to `host` or `macvlan`. Note this exposes all container ports directly on the host.
     You can't use `traefik_enabled` in this case!
@@ -28,33 +30,31 @@ metadata:
     - network
     - volume
   next_steps:
-  draft: true
 schema: 1.2
 spec:
   general:
     vars:
       service_name:
-        default: "adguardhome"
+        default: adguardhome
       initial_setup:
-        description: "Enable initial setup wizard on port 3000"
+        description: Enable initial setup wizard on port 3000 (only used without Traefik)
         type: bool
         default: true
         extra: >
-          Port 3000 is only used during the initial setup wizard.
-          After completing setup, AdGuard Home switches to the configured HTTP port and port 3000 becomes inactive.
-          Set to false if you've already completed the initial setup.
+          Port 3000 is only used during the initial setup wizard when Traefik is disabled.
+          With Traefik enabled, access setup via container IP instead.
+          After completing setup, AdGuard Home switches to port 80 and port 3000 becomes inactive.
   traefik:
     vars:
       traefik_host:
-        default: "adguardhome"
+        default: adguardhome
   network:
     vars:
       network_mode:
         extra: >
           Use 'host' mode if you need DHCP functionality or want AdGuard Home to bind directly to port 53.
-          NOTE: Swarm only supports 'bridge' mode!
       network_name:
-        default: "adguardhome_network"
+        default: adguardhome_network
   ports:
     vars:
       ports_http:
@@ -62,21 +62,20 @@ spec:
       ports_https:
         default: 443
       ports_initial:
-        description: "Initial setup wizard port"
+        description: Initial setup wizard port (only when Traefik is disabled)
         type: int
         default: 3000
         needs: ["traefik_enabled=false", "initial_setup=true"]
         extra: >
-          Only used during first-time setup. After configuration, port becomes inactive.
-      ports_dns:
-        description: "DNS port"
-        type: int
-        default: 53
+          Only used during first-time setup without Traefik. After configuration, port becomes inactive.
+          With Traefik, access setup via container IP instead.
       ports_tls:
-        description: "DNS over TLS Port"
+        description: DNS over TLS Port
         type: int
         default: 853
+        required: true
       ports_dnscrypt:
-        description: "DNSCrypt Port"
+        description: DNSCrypt Port
         type: int
         default: 5443
+        required: true
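Review bot: The `ports_dns` definition is dropped here, but compose.yaml.j2 still renders `{{ ports_dns }}:53/tcp` and `{{ ports_dns }}:53/udp`. If the variable is not inherited from a shared ports spec outside this file, those mappings would render without a host port or fail at render time, depending on how undefined variables are handled. Please confirm the inherited definition exists. Otherwise keep a `ports_dns:` entry with `default: 53` and `required: true`, as `ports_tls` and `ports_dnscrypt` now have.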