
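---
# Compose stack: Traefik v3 reverse proxy plus a Docker socket proxy.
# Traefik talks to the Docker API only through socket-proxy over the private
# socket_proxy bridge; it never mounts /var/run/docker.sock itself.
name: traefik
###############################################################
# Networks
###############################################################
networks:
  # Private bridge shared only by traefik and socket-proxy (see the two
  # services' network lists below).
  socket_proxy:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: br-traefik_sx
  traefik-net:
    external: true
  mariadb-net:
    external: true
###############################################################
# Docker Secrets
# Owner (default): root:root
# Recommend Set Owner to match container user Example: UID=1100, GID=1100
# Permissions of files & directory on host to: 0400 (-r--)
###############################################################
secrets:
  ## Cloudflare / Traefik
  # DNS-01 challenge token; injected as a file under /run/secrets, never as
  # an environment variable.
  cf_dns_api_token:
    file: ${SECRETSDIR}/cf_dns_api_token
###############################################################
services:
  traefik:
    image: traefik:v3.2.1 # traefik:v3.1.7 # traefik:3.1.2 # traefik:v3.1.7-nanoserver-ltsc2022
    hostname: traefik
    restart: unless-stopped
    env_file: .traefik.env
    security_opt:
      - no-new-privileges=true
    depends_on:
      - socket-proxy # Comment out if not using socket-proxy
    networks:
      - traefik-net
      - socket_proxy
      - mariadb-net
    command:
      - --configFile=/config/traefik.yml
    # Entrypoints are published in host mode (no userland proxy), so the
    # listed ports bind directly on the host; host_ip "0.0.0.0" means every
    # interface, and the mqtt entries omit host_ip so they bind the same way.
    ports:
      - name: web
        target: 80
        host_ip: "0.0.0.0"
        published: "80"
        protocol: tcp
        app_protocol: http
        mode: host
      - name: websecure
        target: 443
        host_ip: "0.0.0.0"
        published: "443"
        protocol: tcp
        app_protocol: http
        mode: host
      - name: mqtt
        target: 1883
        published: "1883"
        protocol: tcp
        app_protocol: mqtt
        mode: host
      - name: mqttsecure
        target: 8883
        published: "8883"
        protocol: tcp
        app_protocol: mqtt
        mode: host
      # - target: 19132
      #   published: "19132"
      #   protocol: udp
      #   mode: host
      # - target: 25565
      #   published: "25565"
      #   protocol: udp
      #   mode: host
      # - target: 25575
      #   published: "25575"
      #   protocol: tcp
      #   mode: host
      # - target: 8083
      #   published: "8083"
      #   protocol: tcp
      #   mode: host
      # - target: 8306
      #   published: "8306"
      #   protocol: tcp
      #   mode: host
      # - target: 9306
      #   published: "9306"
      #   protocol: tcp
      #   mode: host
    secrets:
      - cf_dns_api_token
    # NOTE(review): /config, /rules and /mnt/users are mounted read-write;
    # only /data (acme.json) and /logs need writes — confirm and add :ro.
    volumes:
      - $STACKSDIR/config:/config # traefik.yaml
      - $STACKSDIR/rules:/rules # Dynamic File Provider directory
      - $STACKSDIR/users:/mnt/users # basic-auth username and password hashes
      - $DATADIR/appdata:/data # acme.json defined in traefik.yaml
      - $DATADIR/logs:/logs
    labels:
      - traefik.enable=true
      #
      # http routers
      # ------------
      # http://traefik-px-ping.sthome.org/ping
      - traefik.http.routers.${APPLICATION_NAME}-ping-rtr.entrypoints=web
      # Folded block scalar: the lines join with single spaces into one rule.
      - >-
        traefik.http.routers.${APPLICATION_NAME}-ping-rtr.rule=Host(`${WEBAPP_NAME}-ping.${DOMAINNAME}`)&&
        PathPrefix(`/`)
      # http://traefik-px.sthome.org/
      # NOTE(review): this router serves api@internal (the dashboard) on the
      # plain-HTTP "web" entrypoint behind basic-auth, so credentials cross
      # the network unencrypted. Prefer a redirectscheme middleware to
      # websecure here, or keep only the -secure-rtr router.
      - traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web
      - >-
        traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&&
        PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&&
        PathPrefix(`/`)
      # https://appname.domainname/
      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure
      - >-
        traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&&
        PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&&
        PathPrefix(`/`)
      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true
      # - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options.yml@file
      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns
      #- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.domains[0].main=${DOMAINNAME}"
      #- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.domains[0].sans=*.${DOMAINNAME}"
      #
      # http basic-auth middlewares
      # ---------------------------
      # Users file comes from the $STACKSDIR/users bind mount above.
      - traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.usersfile=/mnt/users/${APPLICATION_NAME}.txt
      #
      # assign middlewares to routers
      # -----------------------------
      - traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-auth
      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=${APPLICATION_NAME}-auth
      #
      # http services
      # -------------
      - traefik.http.services.${APPLICATION_NAME}-ping-svc.loadbalancer.server.port=${PING_PORT}
      # assign services to routers
      - traefik.http.routers.${APPLICATION_NAME}-ping-rtr.service=${APPLICATION_NAME}-ping-svc
      - traefik.http.routers.${APPLICATION_NAME}-rtr.service=api@internal
      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=api@internal
###############################################################
  socket-proxy:
    image: tecnativa/docker-socket-proxy:0.2.0 #0.1.2
    hostname: traefik_socket-proxy
    restart: unless-stopped
    # The allow-list of Docker API endpoints the proxy exposes is configured
    # in this env file (not shown here); keep it to the read-only endpoints
    # Traefik's docker provider needs.
    env_file: .socket-proxy.env
    security_opt:
      - no-new-privileges=true
    networks:
      - socket_proxy
    # NOTE(review): privileged gives the container full host capabilities and
    # device access — confirm it is really required on this host, since the
    # socket bind mount alone is normally enough for the proxy.
    privileged: true # true for VM. false for unprivileged LXC container.
    #depends_on:
    #  - traefik
    # Loopback-only publish; quoted so no YAML parser retypes the mapping.
    ports:
      - "127.0.0.1:2375:2375"
    # ":ro" restricts filesystem operations on the socket node, not the API
    # calls made through it; the env allow-list above is the effective control.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
###############################################################
# whoami:
#   image: traefik/whoami:latest
#   container_name: whoami
#   restart: unless-stopped
#   security_opt:
#     - no-new-privileges=true
#   depends_on:
#     - traefik
#   networks:
#     - traefik
#   environment:
#     - TZ
#   labels:
#     - "traefik.enable=true"
#     ## HTTP Routers
#     - "traefik.http.routers.whoami-rtr.rule=Host(`whoami.${DOMAINNAME}`)"
###############################################################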