-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
executable file
·66 lines (57 loc) · 2.36 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
version: "3.3"
services:
traefik:
image: "traefik:v2.8"
container_name: "traefik"
restart: unless-stopped
command:
#- "--log.level=DEBUG"
- "--api.dashboard=true"
- "--providers.file.directory=/configs"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=web"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.middlewares=https_redirect@docker"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.http.middlewares=https_config@docker,www-redirect@docker"
- "--entrypoints.websecure.http.tls.options=default"
- "--entrypoints.websecure.http.tls.certresolver=myresolver"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=[FILL ME]"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
labels:
com.centurylinklabs.watchtower.enable: true
traefik.enable: true
traefik.http.routers.http_catchall.rule: HostRegexp(`{any:.+}`)
traefik.http.routers.http_catchall.entrypoints: web
traefik.http.routers.http_catchall.middlewares: https_config
# https redirect
traefik.http.middlewares.https_config.headers.stsSeconds: 63072000
traefik.http.middlewares.https_config.headers.stsIncludeSubdomains: true
# https redirect
traefik.http.middlewares.https_redirect.redirectscheme.scheme: "https"
traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
# www -> non-www
traefik.http.middlewares.www-redirect.redirectregex.regex: "^https://www.(.*)"
traefik.http.middlewares.www-redirect.redirectregex.replacement: "https://$${1}"
traefik.http.middlewares.www-redirect.redirectregex.permanent: true
# basic-auth
# Note: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
traefik.http.middlewares.dev-auth.basicauth.users: "[FILL ME]"
networks:
- web
- default
ports:
- "443:443"
- "80:80"
volumes:
- "./letsencrypt:/letsencrypt"
- "./configs:/configs"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
web:
external: true
default:
driver: bridge