@JohnnySixarms
Created January 23, 2020 14:12
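---
# Docker Compose stack: Traefik as TLS-terminating reverse proxy (wildcard
# certificate via Cloudflare DNS-01), fronting Portainer and a
# Bitwarden-compatible server. Only Traefik publishes host ports; the other
# services are reached through the shared 'traefik-proxy' network.
version: '3.6'

services:
  traefik:
    container_name: 'traefik'
    # NOTE(review): ':latest' is a moving tag. The flags and labels below
    # appear to be written against Traefik v2 (gist dated January 2020);
    # pin a specific v2 tag or an image digest so a pull cannot silently
    # switch major versions.
    image: 'traefik:latest'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    environment:
      # Values are interpolated from the shell or an .env file next to this
      # compose file; keep that file out of version control.
      - 'CF_API_EMAIL=${CF_API_EMAIL}'
      # NOTE(review): CF_API_KEY is the Cloudflare global API key, which is
      # valid for the whole account. The Cloudflare DNS provider also accepts
      # a scoped token through CF_DNS_API_TOKEN; prefer a token limited to
      # DNS edits on this zone.
      - 'CF_API_KEY=${CF_API_KEY}'
    command:
      - '--log.level=INFO'
      - '--entrypoints.web.address=:80'
      - '--entrypoints.websecure.address=:443'
      # With the Docker provider's defaults every container Traefik can see
      # on this host is routable, not only the ones in this file. All three
      # services below already carry 'traefik.enable=true', so the line
      # after '--providers.docker' can be uncommented once any other stacks
      # behind this proxy carry that label too.
      - '--providers.docker'
      # - '--providers.docker.exposedbydefault=false'
      # '--api' alone (no '--api.insecure') keeps the API and dashboard off
      # a dedicated port; they are reachable only through the
      # authenticated 'traefik' router defined in the labels.
      - '--api'
      - '--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL}'
      - '--certificatesresolvers.cloudflare.acme.dnschallenge=true'
      - '--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare'
      - '--certificatesResolvers.cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53'
      - '--certificatesresolvers.cloudflare.acme.storage=/acme.json'
      # Uncomment to test against the Let's Encrypt staging CA (untrusted
      # certificates, much higher rate limits).
      # - '--certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory'
    networks:
      - traefik-proxy
    ports:
      - '80:80'
      - '443:443'
    volumes:
      # ':ro' only stops the container from replacing the socket file. The
      # Docker API behind it still accepts every request, so a compromise of
      # this container is a compromise of the host's Docker daemon. Consider
      # a filtering socket proxy that allows only the read endpoints.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      # acme.json stores the ACME account key and the certificates' private
      # keys. Create it as an empty regular file with mode 600 before the
      # first start; if it is missing, Docker creates a directory instead.
      - './acme.json:/acme.json'
    labels:
      - 'traefik.enable=true'
      # global redirect to https
      - 'traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)'
      - 'traefik.http.routers.http-catchall.entrypoints=web'
      - 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
      # global wildcard certificates
      - 'traefik.http.routers.wildcard-certs.tls.certresolver=cloudflare'
      - 'traefik.http.routers.wildcard-certs.tls.domains[0].main=example.eu'
      - 'traefik.http.routers.wildcard-certs.tls.domains[0].sans=*.example.eu'
      # dashboard
      - 'traefik.http.routers.traefik.rule=Host(`traefik2.example.eu`)'
      - 'traefik.http.routers.traefik.tls=true'
      - 'traefik.http.routers.traefik.entrypoints=websecure'
      - 'traefik.http.routers.traefik.service=api@internal'
      - 'traefik.http.routers.traefik.middlewares=authtraefik'
      # Replace the placeholder with an htpasswd-generated hash (bcrypt
      # preferred). Compose treats '$' as interpolation, so every '$' in
      # the hash must be written as '$$'.
      - 'traefik.http.middlewares.authtraefik.basicauth.users=jsixarms:<changeme into htpasswd>'

  portainer:
    container_name: 'portainer'
    # NOTE(review): untagged image, so it resolves to ':latest'; pin a tag
    # or digest.
    image: 'portainer/portainer'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    networks:
      - traefik-proxy
    volumes:
      - './config/portainer/data:/data'
      # Read-write Docker socket: whoever can log in to Portainer can run
      # containers with host access. The router below publishes the UI with
      # only Portainer's own login in front of it; consider an additional
      # Traefik middleware (basic auth or an IP allow-list), or keeping this
      # host name off the public entrypoint.
      - '/var/run/docker.sock:/var/run/docker.sock'
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.portainer.rule=Host(`portainer2.example.eu`)'
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.entrypoints=websecure'
      - 'traefik.http.services.portainer.loadbalancer.server.port=9000'

  bitwarden:
    container_name: 'bitwarden'
    # NOTE(review): ':latest' is a moving tag; pin a tag or digest. The
    # upstream project has since been renamed to vaultwarden, so check
    # whether this image still receives updates.
    image: 'bitwardenrs/server:latest'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    networks:
      - traefik-proxy
    volumes:
      # Holds the password vault database and server keys; restrict host
      # permissions on this directory and include it in encrypted backups.
      - './config/bitwarden/bw_data:/data'
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.bitwarden.rule=Host(`bitwarden.example.eu`)'
      - 'traefik.http.routers.bitwarden.tls=true'
      - 'traefik.http.routers.bitwarden.entrypoints=websecure'
      # The image exposes more than one port (web vault and websocket
      # notifications), so name the HTTP port explicitly instead of letting
      # Traefik choose one.
      - 'traefik.http.services.bitwarden.loadbalancer.server.port=80'

networks:
  # Shared proxy network; it is not created by this file. Create it once
  # with 'docker network create traefik-proxy' before 'docker-compose up'.
  traefik-proxy:
    external: true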