Create traefik and portainer with docker

docker-compose.yml

version: "3.7"
services:

  traefik:
    image: traefik:2.4.8
    container_name: traefik
    restart: always
    command:
      # Try to enable this if something isn't working. 
      # Chances are, Traefik will tell you why.
      # Be careful in production as it exposes the traffic you might not want to expose.
      #--log.level=DEBUG

      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443

      - --providers.docker=true

      - --api=true

      # LetsEncrypt Staging Server - uncomment when testing
      # - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory

      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http
      - --certificatesresolvers.letsencrypt.acme.email=${EMAIL}
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    networks:
      - traefik-proxy
    labels:
      # Redirect all HTTP traffic to HTTPS
      - traefik.http.routers.to-https.rule=HostRegexp(`{host:.+}`)
      - traefik.http.routers.to-https.entrypoints=http
      - traefik.http.routers.to-https.middlewares=to-https

      - traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)
      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.middlewares=auth
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=${CERT_RESOLVER}

      - traefik.http.middlewares.to-https.redirectscheme.scheme=https
      - traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_USER}:${TRAEFIK_PASSWORD_HASH}
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./data/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  portainer:
    image: portainer/portainer-ce:2.11.0
    container_name: portainer
    restart: always
    depends_on:
      - "traefik"
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik-proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/portainer-data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.entrypoints=http"
      - "traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN}`)"
      - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
      - "traefik.http.routers.portainer-secure.entrypoints=https"
      - "traefik.http.routers.portainer-secure.rule=Host(`portainer.${DOMAIN}`)"
      - "traefik.http.routers.portainer-secure.tls=true"
      - "traefik.http.routers.portainer-secure.tls.certresolver=${CERT_RESOLVER}"
      - "traefik.http.routers.portainer-secure.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.docker.network=traefik-proxy"

  whoami:
    image: containous/whoami
    container_name: whoami
    networks:
      - traefik-proxy
    depends_on:
      - "portainer"
    labels:
      - "traefik.http.routers.https.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.https.entrypoints=https"
      - "traefik.http.routers.https.tls=true"
      - "traefik.http.routers.https.tls.certresolver=${CERT_RESOLVER}"
      - "traefik.docker.network=traefik-proxy"

networks:
  traefik-proxy:
    external: true