JohnnySixarms/gist:f1d1aa3ed51654a3c2d9ac007eb4d31d

## gistfile1.txt
version: '3.6'
services:
  traefik:
    container_name: 'traefik'
    image: 'traefik:latest'
    restart: 'always'
    security_opt:
      - no-new-privileges:true
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_API_KEY=${CF_API_KEY}
    command:
      - '--log.level=INFO'
      - '--entrypoints.web.address=:80'
      - '--entrypoints.websecure.address=:443'
      - '--providers.docker'
      - '--api'
      - '--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL}'
      - '--certificatesresolvers.cloudflare.acme.dnschallenge=true'
      - '--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare'
      - '--certificatesResolvers.cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53'
      - '--certificatesresolvers.cloudflare.acme.storage=/acme.json'
      #- '--certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory'
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - './acme.json:/acme.json'
    labels:
      # global redirect to https
      - 'traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)'
      - 'traefik.http.routers.http-catchall.entrypoints=web'
      - 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'

      # global wildcard certificates
      - 'traefik.http.routers.wildcard-certs.tls.certresolver=cloudflare'
      - 'traefik.http.routers.wildcard-certs.tls.domains[0].main=example.eu'
      - 'traefik.http.routers.wildcard-certs.tls.domains[0].sans=*.example.eu'

      # dashboard
      - 'traefik.http.routers.traefik.rule=Host(`traefik2.example.eu`)'
      - 'traefik.http.routers.traefik.tls=true'
      - 'traefik.http.routers.traefik.entrypoints=websecure'
      - 'traefik.http.routers.traefik.service=api@internal'
      - 'traefik.http.routers.traefik.middlewares=authtraefik'
      - 'traefik.http.middlewares.authtraefik.basicauth.users=changeme:htpasswd'
	version: '3.6'
	services:
	traefik:
	container_name: 'traefik'
	image: 'traefik:latest'
	restart: 'always'
	security_opt:
	- no-new-privileges:true
	environment:
	- CF_API_EMAIL=${CF_API_EMAIL}
	- CF_API_KEY=${CF_API_KEY}
	command:
	- '--log.level=INFO'
	- '--entrypoints.web.address=:80'
	- '--entrypoints.websecure.address=:443'
	- '--providers.docker'
	- '--api'
	- '--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL}'
	- '--certificatesresolvers.cloudflare.acme.dnschallenge=true'
	- '--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare'
	- '--certificatesResolvers.cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53'
	- '--certificatesresolvers.cloudflare.acme.storage=/acme.json'
	#- '--certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory'
	ports:
	- "80:80"
	- "443:443"
	volumes:
	- '/var/run/docker.sock:/var/run/docker.sock:ro'
	- './acme.json:/acme.json'
	labels:
	# global redirect to https
	- 'traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)'
	- 'traefik.http.routers.http-catchall.entrypoints=web'
	- 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'
	- 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'

	# global wildcard certificates
	- 'traefik.http.routers.wildcard-certs.tls.certresolver=cloudflare'
	- 'traefik.http.routers.wildcard-certs.tls.domains[0].main=example.eu'
	- 'traefik.http.routers.wildcard-certs.tls.domains[0].sans=*.example.eu'

	# dashboard
	- 'traefik.http.routers.traefik.rule=Host(`traefik2.example.eu`)'
	- 'traefik.http.routers.traefik.tls=true'
	- 'traefik.http.routers.traefik.entrypoints=websecure'
	- 'traefik.http.routers.traefik.service=api@internal'
	- 'traefik.http.routers.traefik.middlewares=authtraefik'
	- 'traefik.http.middlewares.authtraefik.basicauth.users=changeme:htpasswd'