Created
January 3, 2022 16:29
-
-
Save AsP3X/4da8b3e6794eb7b7826e57e1b3de77d9 to your computer and use it in GitHub Desktop.
Create traefik and portainer with docker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: "3.7" | |
services: | |
traefik: | |
image: traefik:2.4.8 | |
container_name: traefik | |
restart: always | |
command: | |
# Try to enable this if something isn't working. | |
# Chances are, Traefik will tell you why. | |
# Be careful in production as it exposes the traffic you might not want to expose. | |
#--log.level=DEBUG | |
- --entrypoints.http.address=:80 | |
- --entrypoints.https.address=:443 | |
- --providers.docker=true | |
- --api=true | |
# LetsEncrypt Staging Server - uncomment when testing | |
# - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory | |
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true | |
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http | |
- --certificatesresolvers.letsencrypt.acme.email=${EMAIL} | |
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json | |
networks: | |
- traefik-proxy | |
labels: | |
# Redirect all HTTP traffic to HTTPS | |
- traefik.http.routers.to-https.rule=HostRegexp(`{host:.+}`) | |
- traefik.http.routers.to-https.entrypoints=http | |
- traefik.http.routers.to-https.middlewares=to-https | |
- traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`) | |
- traefik.http.routers.traefik.entrypoints=https | |
- traefik.http.routers.traefik.middlewares=auth | |
- traefik.http.routers.traefik.service=api@internal | |
- traefik.http.routers.traefik.tls=true | |
- traefik.http.routers.traefik.tls.certresolver=${CERT_RESOLVER} | |
- traefik.http.middlewares.to-https.redirectscheme.scheme=https | |
- traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_USER}:${TRAEFIK_PASSWORD_HASH} | |
ports: | |
- 80:80 | |
- 443:443 | |
volumes: | |
- ./data/letsencrypt:/letsencrypt | |
- /var/run/docker.sock:/var/run/docker.sock:ro | |
portainer: | |
image: portainer/portainer-ce:2.11.0 | |
container_name: portainer | |
restart: always | |
depends_on: | |
- "traefik" | |
security_opt: | |
- no-new-privileges:true | |
networks: | |
- traefik-proxy | |
volumes: | |
- /etc/localtime:/etc/localtime:ro | |
- /var/run/docker.sock:/var/run/docker.sock:ro | |
- ./data/portainer-data:/data | |
labels: | |
- "traefik.enable=true" | |
- "traefik.http.routers.portainer.entrypoints=http" | |
- "traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN}`)" | |
- "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https" | |
- "traefik.http.routers.portainer.middlewares=portainer-https-redirect" | |
- "traefik.http.routers.portainer-secure.entrypoints=https" | |
- "traefik.http.routers.portainer-secure.rule=Host(`portainer.${DOMAIN}`)" | |
- "traefik.http.routers.portainer-secure.tls=true" | |
- "traefik.http.routers.portainer-secure.tls.certresolver=${CERT_RESOLVER}" | |
- "traefik.http.routers.portainer-secure.service=portainer" | |
- "traefik.http.services.portainer.loadbalancer.server.port=9000" | |
- "traefik.docker.network=traefik-proxy" | |
whoami: | |
image: containous/whoami | |
container_name: whoami | |
networks: | |
- traefik-proxy | |
depends_on: | |
- "portainer" | |
labels: | |
- "traefik.http.routers.https.rule=Host(`${DOMAIN}`)" | |
- "traefik.http.routers.https.entrypoints=https" | |
- "traefik.http.routers.https.tls=true" | |
- "traefik.http.routers.https.tls.certresolver=${CERT_RESOLVER}" | |
- "traefik.docker.network=traefik-proxy" | |
networks: | |
traefik-proxy: | |
external: true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment