97 lines
3.4 KiB
YAML
97 lines
3.4 KiB
YAML
version: "3.7"
|
|
services:
|
|
traefik:
|
|
image: "traefik"
|
|
command:
|
|
- --entrypoints.web.address=:80
|
|
- --entrypoints.websecure.address=:443
|
|
- --providers.docker
|
|
- --providers.docker.exposedByDefault=false
|
|
- --log.level=DEBUG
|
|
- --providers.docker.network=proxy
|
|
- --serversTransport.insecureSkipVerify=true
|
|
- --api
|
|
|
|
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
|
|
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
|
|
#- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
|
- "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
|
|
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
|
|
|
|
#Lets Encrypt TLS Challenge
|
|
#- --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
|
|
#- --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}
|
|
#- --certificatesresolvers.letsencrypt.acme.storage=/acme.json
|
|
#- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
|
|
#Logging
|
|
- "--accesslog=true"
|
|
- "--accesslog.filePath=/logs/access.log"
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
networks:
|
|
- proxy
|
|
volumes:
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
- "./data/letsencrypt:/letsencrypt"
|
|
- ./data/logs/:/logs/
|
|
labels:
|
|
# Dashboard
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.traefik.rule=Host(`traefik.zuhause.mertens.digital`)"
|
|
- "traefik.http.routers.traefik.service=api@internal"
|
|
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.traefik.entrypoints=websecure"
|
|
#- "traefik.http.routers.traefik.middlewares=authtraefik"
|
|
#- "traefik.http.middlewares.authtraefik.basicauth.users=user:$2a$12$zeG4z6/dM28JONNH54/jo.pZD0BUuzw0mbD0GFMQqe00lFYCPzKm." # user/password
|
|
|
|
# global redirect to https
|
|
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
|
- "traefik.http.routers.http-catchall.entrypoints=web"
|
|
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
|
|
|
# middleware redirect
|
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
|
restart: unless-stopped
|
|
# Automatic Container Updates
|
|
watchtower:
|
|
image: containrrr/watchtower
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
|
|
# whoami:
|
|
# image: traefik/whoami
|
|
# command:
|
|
# - --port=2001
|
|
# - --name=test
|
|
# ports:
|
|
# - "2001:2001"
|
|
# networks:
|
|
# - proxy
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.whoami.entrypoints=websecure"
|
|
# - "traefik.http.routers.whoami.rule=Host(`whoami.dev.mertens.digital`)"
|
|
# - "traefik.http.routers.whoami.tls=true"
|
|
# - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
|
|
# - "traefik.http.services.whoami.loadbalancer.server.port=2001"
|
|
|
|
|
|
|
|
# Cleanup unused Docker Container
|
|
janitor:
|
|
image: flaviostutz/docker-janitor
|
|
environment:
|
|
- RUN_ON_STARTUP=true
|
|
- PRUNE_VOLUMES=true
|
|
- SLEEP_TIME=86400
|
|
- UNUSED_TIME=24h
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|