/
docker-compose.yml
78 lines (74 loc) · 3.18 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# -------
# README:
# -------
#
# Create network:
# ---------------
# $ docker network create traefik-public
#
version: '3'
services:
traefik-2-4-3:
image: "${TRAEFIK_2_4_3_PROXY_IMAGE}"
container_name: "${TRAEFIK_2_4_3_PROXY_CONTAINER_NAME}"
hostname: "${TRAEFIK_2_4_3_PROXY_HOSTNAME}"
command:
# Debug mode
# - "--log.level=DEBUG"
# Docker swarm configuration
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=traefik-public"
# Add dynamic configuration
- "--providers.file.filename=/dynamic_conf.yml"
# Configure entrypoint
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
# SSL configuration
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
# - "--certificatesresolvers.letsencryptresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.letsencryptresolver.acme.email=${TRAEFIK_2_4_3_PROXY_EMAIL}"
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
# Global HTTP -> HTTPS
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
# Enable dashboard
- "--api.dashboard=true"
ports:
- 80:80
- 443:443
volumes:
# Add dynamic configuration
- ./config/dynamic_conf.yml:/dynamic_conf.yml
# To persist certificates
- traefik-certificates:/letsencrypt
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: always
networks:
- traefik-public
labels:
# Enable traefik
- "traefik.enable=true"
# Add traefik.domain.tld
- "traefik.http.routers.traefik-2-4-3.rule=Host(`${TRAEFIK_2_4_3_PROXY_URL}`)"
- "traefik.http.routers.traefik-2-4-3.entrypoints=websecure"
- "traefik.http.routers.traefik-2-4-3.tls=true"
- "traefik.http.routers.traefik-2-4-3.tls.certresolver=letsencryptresolver"
# Add api service
- "traefik.http.routers.traefik-2-4-3.service=api@internal"
# Add admin authentification
- "traefik.http.routers.traefik-2-4-3.middlewares=adminauth"
# Define some global authentifications
- "traefik.http.middlewares.adminauth.basicauth.users=${TRAEFIK_2_4_3_PROXY_ADMINAUTH}"
- "traefik.http.middlewares.basicauth.basicauth.users=${TRAEFIK_2_4_3_PROXY_BASICAUTH}"
# Add dynamic configuration
- "providers.file.filename=/dynamic_conf.yml"
volumes:
traefik-certificates:
name: "traefik-certificates"
networks:
traefik-public:
external: true
name: "traefik-public"