55 lines
2.3 KiB
YAML
55 lines
2.3 KiB
YAML
name: mosquitto
|
|
networks:
|
|
traefik-net:
|
|
external: true
|
|
services:
|
|
mosquitto:
|
|
image: eclipse-mosquitto
|
|
hostname: mosquitto
|
|
env_file: .mosquitto.env
|
|
user: ${PUID}:${PGID}
|
|
networks:
|
|
traefik-net:
|
|
aliases:
|
|
- mqtt
|
|
volumes:
|
|
- ${DATADIR}/appdata:/mosquitto/data
|
|
- ${DATADIR}/config:/mosquitto/config
|
|
- ${DATADIR}/logs:/mosquitto/log
|
|
- ${DATADIR}/configinc:/mosquitto/configinc # maps the default folder for password.txt file
|
|
restart: unless-stopped
|
|
|
|
# ports 1883, 8883 and 9001
|
|
# 9001 not implemented
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.docker.network=traefik-net
|
|
#
|
|
# tcp services
|
|
# -------------
|
|
- traefik.tcp.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${SERVICE_PORT}
|
|
#- "traefik.tcp.services.${APPLICATION_NAME}-secure-svc.loadbalancer.server.port=${SECURE_SERVICE_PORT}"
|
|
#
|
|
# tcp routers
|
|
# ------------
|
|
# limit router to mqtt ":1883" entrypoint
|
|
- traefik.tcp.routers.${APPLICATION_NAME}-rtr.entrypoints=mqtt
|
|
# set match criteria for router
|
|
- traefik.tcp.routers.${APPLICATION_NAME}-rtr.rule=HostSNI(`*`)
|
|
# assign svc target to routers
|
|
- traefik.tcp.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc
|
|
#
|
|
# limit router to mqttsecure ":8883" entrypoint
|
|
- traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=mqttsecure
|
|
# set match criteria for router
|
|
- traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.rule=HostSNI(`${APPLICATION_NAME}.${DOMAINNAME}`) || HostSNI(`mqtt-px.${DOMAINNAME}`)
|
|
# set router to be dedicated to secure requests only for the host specified in match criteria
|
|
- traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls=true
|
|
# passthrough tls
|
|
- traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls.passthrough=true
|
|
# generate certificates using following certresolver
|
|
- traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns
|
|
# assign svc target to routers
|
|
#- "traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-secure-svc"
|
|
- traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc # use same svc as non-secure router to avoid issues with certificates on mosquitto
|