docker-apps/mosquitto/stacks/compose.yml


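---
# Compose stack: Eclipse Mosquitto MQTT broker published through Traefik TCP routers.
# PUID, PGID, DATADIR, APPLICATION_NAME, DOMAINNAME and SERVICE_PORT are interpolated
# by Compose, so they must be available when the file is parsed (shell or project
# .env / --env-file); `env_file` below only sets variables inside the container.
name: mosquitto

networks:
  traefik-net:
    external: true

services:
  mosquitto:
    # NOTE(review): no tag is given, so this resolves to `latest`; pin a specific
    # tag or digest so that a broker upgrade is a reviewed change.
    image: eclipse-mosquitto
    hostname: mosquitto
    env_file: .mosquitto.env
    # run the broker as an unprivileged uid:gid instead of the image default
    user: "${PUID}:${PGID}"
    networks:
      traefik-net:
        aliases: ["mqtt"]
    volumes:
      - "${DATADIR}/appdata:/mosquitto/data"
      # NOTE(review): config is mounted read-write; confirm the broker needs to
      # write here, otherwise a read-only mount is the tighter choice.
      - "${DATADIR}/config:/mosquitto/config"
      - "${DATADIR}/logs:/mosquitto/log"
      # maps the default folder for the password.txt file; keep that file out of
      # version control and readable only by PUID
      - "${DATADIR}/configinc:/mosquitto/configinc"
    restart: unless-stopped
    # ports 1883, 8883 and 9001
    # 9001 not implemented
    # No `ports:` are published; the broker is reached only through Traefik.
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-net"
      #
      # tcp services
      # -------------
      - "traefik.tcp.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${SERVICE_PORT}"
      # - "traefik.tcp.services.${APPLICATION_NAME}-secure-svc.loadbalancer.server.port=${SECURE_SERVICE_PORT}"
      #
      # tcp routers
      # ------------
      # limit router to mqtt ":1883" entrypoint
      - "traefik.tcp.routers.${APPLICATION_NAME}-rtr.entrypoints=mqtt"
      # set match criteria for router; a non-TLS TCP router carries no SNI, so the
      # catch-all rule is the only one that can match.
      # NOTE(review): this path is plaintext end to end, so MQTT usernames and
      # passwords cross it unencrypted; confirm the `mqtt` entrypoint is reachable
      # from trusted networks only, or restrict it with an IP allow-list.
      - "traefik.tcp.routers.${APPLICATION_NAME}-rtr.rule=HostSNI(`*`)"
      # assign svc target to routers
      - "traefik.tcp.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
      #
      # limit router to mqttsecure ":8883" entrypoint
      - "traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=mqttsecure"
      # set match criteria for router
      - "traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.rule=HostSNI(`${APPLICATION_NAME}.${DOMAINNAME}`) || HostSNI(`mqtt.${DOMAINNAME}`)"
      # set router to be dedicated to secure requests only for the host specified in match criteria
      - "traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
      # Traefik terminates TLS on this router. The certresolver below is only used
      # when Traefik holds the certificate, and this router targets the same `-svc`
      # backend as the plaintext router. With passthrough enabled the encrypted
      # stream would be handed to that backend untouched and the certresolver
      # ignored, so passthrough is disabled here.
      # If the broker should terminate TLS itself instead: set passthrough=true,
      # drop the certresolver and route to the dedicated `-secure-svc` service.
      - "traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls.passthrough=false"
      # generate certificates using following certresolver
      - "traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
      # assign svc target to routers
      # - "traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-secure-svc"
      # use same svc as non-secure router to avoid issues with certificates on mosquitto;
      # traffic between Traefik and the broker on traefik-net is therefore unencrypted
      - "traefik.tcp.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"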