docker-compose for a single node monitoring host with prometheus, alertmanager, blackbox-exporter, grafana and traefik

docker-compose.yml

version: '2.4'
services:
  traefik:
    container_name: traefik
    image: traefik:2.2
    command:
      - --accesslog=true
      - --global.sendanonymoususage=false
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80 
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --certificatesresolvers.letsencrypt.acme.email=your.email@domain.com
      - --certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme.json
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
    mem_limit: 512M
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /opt/traefik/acme:/etc/traefik/acme
      - type: bind
        source: /opt/traefik/users
        target: /etc/traefik/users
        read_only: true
  prometheus:
    container_name: prometheus
    image: prom/prometheus:v2.17.2
    command:
      - --web.external-url=https://domain.com/prometheus
      - --web.route-prefix=/prometheus
      - --config.file=/etc/prometheus/prometheus.yml
      - --storage.tsdb.retention.time=15d
      - --web.enable-lifecycle
    mem_limit: 2048M
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.auth-prometheus.basicauth.usersFile=/etc/traefik/users"
      - "traefik.http.routers.prometheus.rule=Host(`domain.com`) && PathPrefix(`/prometheus`)"
      - "traefik.http.routers.prometheus.tls=true"
      - "traefik.http.routers.prometheus.tls.certresolver=letsencrypt"
      - "traefik.http.routers.prometheus.middlewares=auth-prometheus"
    networks:
      default:
        aliases:
          - domain.com
    volumes:
      - /opt/prometheus/data:/prometheus
      - /opt/prometheus/config:/etc/prometheus:ro
  alertmanager:
    container_name: alertmanager
    image: prom/alertmanager:v0.20.0
    command:
      - --web.external-url=https://domain.com/alertmanager
      - --config.file=/etc/alertmanager/alertmanager.yml
    mem_limit: 512M
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.auth-alertmanager.basicauth.usersFile=/etc/traefik/users"
      - "traefik.http.routers.alertmanager.rule=Host(`domain.com`) && PathPrefix(`/alertmanager`)"
      - "traefik.http.routers.alertmanager.tls=true"
      - "traefik.http.routers.alertmanager.tls.certresolver=letsencrypt"
      - "traefik.http.routers.alertmanager.middlewares=auth-alertmanager"
    volumes:
      - /opt/alertmanager/data:/alertmanager
      - /opt/alertmanager/config:/etc/alertmanager:ro
  blackbox-exporter:
    container_name: blackbox-exporter
    image: prom/blackbox-exporter:v0.16.0
    mem_limit: 512M
    restart: unless-stopped
    volumes:
      - /opt/blackbox-exporter/config:/etc/blackbox-exporter:ro
  grafana:
    container_name: grafana
    image: grafana/grafana:6.7.3
    mem_limit: 1G
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.auth.basicauth.removeheader=true"
      - "traefik.http.middlewares.prefix.stripprefix.prefixes=/grafana"
      - "traefik.http.routers.grafana.rule=Host(`domain.com`) && PathPrefix(`/grafana`)"
      - "traefik.http.routers.grafana.tls=true"
      - "traefik.http.routers.grafana.tls.certresolver=letsencrypt"
    environment:
      GF_DATABASE_URL: postgres://grafana:password@grafana-postgresql:5432/grafana
      GF_SECURITY_ADMIN_PASSWORD: password
      GF_SECURITY_COOKIE_SECURE: "true"
      GF_SERVER_DOMAIN: domain.com
      GF_SERVER_ROOT_URL: https://domain.com/grafana/
      GF_SERVER_SERVE_FROM_SUB_PATH: "true"
      GF_AUTH_LOGIN_COOKIE_NAME: grafana_session
      GF_AUTH.BASIC_ENABLED: "false"
    volumes:
      - /opt/grafana/config/provisioning/datasources:/etc/grafana/provisioning/datasources
  grafana-postgresql:
    container_name: grafana-postgresql
    image: postgres:12
    mem_limit: 512M
    restart: unless-stopped
    environment:
      POSTGRES_DB: grafana
      POSTGRES_USER: grafana
      POSTGRES_PASSWORD: password
    volumes:
    - /opt/grafana-postgres/data:/var/lib/postgresql/data

Replace email address, domain name and passwords. Create the htpasswd users file in /opt/traefik/users to allow access to Prometheus and Alertmanager.