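---
# Docker Compose project: a MariaDB server published through Traefik as a
# plain (non-TLS) TCP service.
# Variables expected from the environment / .env file: SECRETSDIR, DATADIR,
# PUID, PGID, APPLICATION_NAME, SERVICE_PORT (plus DOMAINNAME for the disabled
# TLS router at the bottom of the label list).
name: mariadb

secrets:
  # The root password is read from a file on the host and mounted into the
  # container under /run/secrets/, so it never appears in this file.
  # NOTE(review): file-backed Compose secrets keep the host file's ownership
  # and mode. The file must be readable by PUID:PGID (see `user` below) and
  # should not be readable by other local accounts.
  mariadb_root_password:
    file: "${SECRETSDIR}/mariadb_root_password"

networks:
  # Both networks are created outside this project and only joined here.
  mariadb-net:
    external: true
  traefik-net:
    external: true

services:
  mariadb:
    # NOTE(review): `latest` is a moving tag, so any pull can change the server
    # version underneath an existing data directory. Pin a tested release tag
    # (or an image digest) and upgrade deliberately.
    image: mariadb:latest
    restart: unless-stopped
    # NOTE(review): presumably this sets
    # MARIADB_ROOT_PASSWORD_FILE=/run/secrets/mariadb_root_password; confirm,
    # and keep literal passwords out of this env file.
    env_file: .mariadb.env
    hostname: mariadb
    # Run the server as an unprivileged host UID/GID instead of the image
    # default. Quoted so the value is always read as one string.
    user: "${PUID}:${PGID}"
    volumes:
      - "${DATADIR}/appdata:/var/lib/mysql"
    secrets:
      - mariadb_root_password
    networks:
      - mariadb-net
      - traefik-net
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-net"
      #
      # tcp service
      # -----------
      - "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc.loadbalancer.server.port=${SERVICE_PORT}"
      #
      # tcp routers
      # -----------
      # limit router to mariadb ":8306" entrypoint
      - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr.entrypoints=mariadb"
      # Match criteria for the router: this router is not TLS, so there is no
      # SNI to match on and the wildcard is the only rule that works. Every
      # connection that reaches the entrypoint is therefore forwarded to the
      # database.
      # NOTE(review): Traefik only relays bytes here, so traffic is cleartext
      # unless the client negotiates TLS with MariaDB itself, which still
      # works end to end through a plain TCP router. Restrict who can reach
      # the entrypoint (host firewall or a Traefik TCP IP allow-list
      # middleware) and consider enforcing TLS on the server side, e.g. with
      # require_secure_transport.
      - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr.rule=HostSNI(`*`)"
      # assign svc target to router
      - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr.service=${APPLICATION_NAME}-tcp-svc"
      ###### mysql with tls via traefik not working
      # NOTE(review): likely cause: the MySQL/MariaDB protocol starts with a
      # cleartext server greeting and only upgrades to TLS afterwards, so a
      # router with tls=true never receives a TLS ClientHello (and hence no
      # SNI) as the first bytes of the connection. Also, with
      # tls.passthrough=true Traefik does not terminate TLS, so the
      # certresolver and tls.options lines below would presumably not be
      # applied to the session.
      #
      # # limit router to mariadb ":8306" entrypoint
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.entrypoints=mariadb"
      # # set match criteria for router
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.rule=HostSNI(`${APPLICATION_NAME}.${DOMAINNAME}`)"
      # # set router to be dedicated to secure requests only for the hosts specified in match criteria
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls=true"
      # # forward requests "as is" keeping all data encrypted.
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls.passthrough=true"
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls.options=tls-opts@file"
      # # generate certificates using following certresolver
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls.certresolver=sthomeresolver"
      # # assign svc target to router
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.service=${APPLICATION_NAME}-tcp-svc"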