Docker/proxmox-docker
Docker/proxmox-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3f05874d73
proxmox-docker/traefik/compose.yaml

188 lines
6.5 KiB
YAML
Raw Blame History

name: traefik
###############################################################
# Networks
###############################################################
networks:
socket_proxy:
driver: bridge
driver_opts:
com.docker.network.bridge.name: br-traefik_sx
traefik-net:
external: true
mariadb-net:
external: true
###############################################################
# Docker Secrets
# Owner (default): root:root
# Recommend Set Owner to match container user Example: UID=1100, GID=1100
# Permissions of files & directory on host to: 0400 (-r--)
###############################################################
secrets:
## Cloudflare / Traefik
cf_dns_api_token:
file: ${SECRETSDIR}/cf_dns_api_token
###############################################################
services:
traefik:
image: traefik:v3.2.1 # traefik:v3.1.7 # traefik:3.1.2 # traefik:v3.1.7-nanoserver-ltsc2022
hostname: traefik
restart: unless-stopped
env_file: .traefik.env
security_opt:
- no-new-privileges=true
depends_on:
- socket-proxy # Comment out if not using socket-proxy
networks:
- traefik-net
- socket_proxy
- mariadb-net
command:
- --configFile=/config/traefik.yml
ports:
- name: "web"
target: 80 # container port
host_ip: 0.0.0.0 # host IP; 0.0.0.0 binds to all network interfaces
published: "80" # publicly exposed port, defined as a string
protocol: tcp # port protocol
app_protocol: http # application protocol (TCP/IP level 4 / OSI level 7) this port is used for
mode: host # how port is published in swarm setup
- name: "websecure"
target: 443
host_ip: 0.0.0.0
published: "443"
protocol: tcp
app_protocol: http
mode: host
# - name: "traefik" # dashboard port - use when not using labels below / reverse proxy for traefik itself
# target: 8080
# host_ip: 0.0.0.0
# published: "8080"
# protocol: tcp
# app_protocol: http
# mode: host
# - target: 51820
# published: "51820"
# protocol: udp
# mode: host
# - target: 32400
# published: "32400"
# protocol: tcp
# mode: host
# - target: 1883
# published: "1883"
# protocol: tcp
# mode: host
# - target: 8883
# published: "8883"
# protocol: tcp
# mode: host
# - target: 19132
# published: "19132"
# protocol: udp
# mode: host
# - target: 25565
# published: "25565"
# protocol: udp
# mode: host
# - target: 25575
# published: "25575"
# protocol: tcp
# mode: host
# - target: 8083
# published: "8083"
# protocol: tcp
# mode: host
# - target: 8306
# published: "8306"
# protocol: tcp
# mode: host
# - target: 9306
# published: "9306"
# protocol: tcp
# mode: host
secrets:
- cf_dns_api_token
volumes:
- $STACKSDIR/config:/config # traefik.yaml
- $STACKSDIR/rules:/rules # Dynamic File Provider directory
- $STACKSDIR/users:/mnt/users # basic-auth username and password hashes
- $DATADIR/appdata:/data # acme.json defined in traefik.yaml
- $DATADIR/logs:/logs
labels:
- traefik.enable=true
#
# http routers
# ------------
# http://traefik-px.sthome.org/ping
- traefik.http.routers.${APPLICATION_NAME}-ping-rtr.entrypoints=web
- traefik.http.routers.${APPLICATION_NAME}-ping-rtr.rule=Host(`${WEBAPP_PING}.${DOMAINNAME}`)&& PathPrefix(`/`)
- traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web
- traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)
# https://appname.domainname/
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true
# - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options.yml@file
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns
#- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.domains[0].main=${DOMAINNAME}"
#- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.domains[0].sans=*.${DOMAINNAME}"
#
# http basic-auth middlewares
# ---------------------------
- traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.usersfile=/mnt/users/${APPLICATION_NAME}.txt
#
# assign middlewares to routers
# -----------------------------
- traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-auth
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=${APPLICATION_NAME}-auth
#
# http services
# -------------
- traefik.http.services.${APPLICATION_NAME}-ping-svc.loadbalancer.server.port=${PING_PORT}
# assign services to routers
- traefik.http.routers.${APPLICATION_NAME}-ping-rtr.service=${APPLICATION_NAME}-ping-svc
- traefik.http.routers.${APPLICATION_NAME}-rtr.service=api@internal
- traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=api@internal
###############################################################
socket-proxy:
image: tecnativa/docker-socket-proxy:0.2.0 #0.1.2
hostname: traefik_socket-proxy
restart: unless-stopped
env_file: .socket-proxy.env
security_opt:
- no-new-privileges=true
networks:
- socket_proxy
privileged: true # true for VM. false for unprivileged LXC container.
#depends_on:
# - traefik
ports:
- 127.0.0.1:2375:2375
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
###############################################################
# whoami:
# image: traefik/whoami:latest
# container_name: whoami
# restart: unless-stopped
# security_opt:
# - no-new-privileges=true
# depends_on:
# - traefik
# networks:
# - traefik
# environment:
# - TZ
# labels:
# - "traefik.enable=true"
# ## HTTP Routers
# - "traefik.http.routers.whoami-rtr.rule=Host(`whoami.${DOMAINNAME}`)"
###############################################################
Reference in New Issue View Git Blame Copy Permalink