@JohnnySixarms
Created January 26, 2020 17:37
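---
# Traefik v2 edge proxy (Cloudflare DNS-01 ACME) in front of Portainer,
# Bitwarden (bitwardenrs) and Nextcloud (MariaDB + Redis + cron worker).
# Every service is attached to the pre-existing external network
# `traefik-proxy`; only containers labelled traefik.enable=true are routed.
# Secrets (CF_API_*, MYSQL_ROOT_PASSWORD) come from the environment and
# db.env, not from this file.
version: '3.6'

services:
  traefik:
    container_name: 'traefik'
    # NOTE(review): `latest` is a moving target; pin to the v2 tag this
    # configuration was validated against once it is known.
    image: 'traefik:latest'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    environment:
      # Cloudflare credentials consumed by the DNS-01 provider below.
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_API_KEY=${CF_API_KEY}
    command:
      - '--log.level=INFO'
      - '--entrypoints.web.address=:80'
      - '--entrypoints.websecure.address=:443'
      - '--providers.docker'
      # Opt-in routing: a container needs traefik.enable=true to be exposed.
      - '--providers.docker.exposedbydefault=false'
      # Enables api@internal; it is published only through the basic-auth
      # protected `traefik` router declared in the labels below.
      - '--api'
      - '--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL}'
      - '--certificatesresolvers.cloudflare.acme.dnschallenge=true'
      - '--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare'
      # Traefik CLI flags are case-insensitive; lower-cased to match its siblings.
      - '--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53'
      - '--certificatesresolvers.cloudflare.acme.storage=/acme.json'
      # Uncomment while testing to stay clear of Let's Encrypt production rate limits.
      #- '--certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory'
    networks:
      - traefik-proxy
    ports:
      - '80:80'
      - '443:443'
    volumes:
      # Read-only socket: Traefik only needs to watch container events.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      # acme.json stores the certificate private keys. Create it before the
      # first start and keep it mode 0600 (Traefik rejects more permissive
      # files — confirm against the pinned version).
      - './acme.json:/acme.json'
    labels:
      # global redirect to https
      - 'traefik.enable=true'
      # NOTE(review): this middleware is declared here (and again on
      # portainer and bitwarden) but no router in this file lists it under
      # `.middlewares`, so it restricts nothing today. 10.0.0.1/24 also has
      # host bits set; presumably 10.0.0.0/24 was intended — confirm.
      - 'traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24'
      - 'traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)'
      - 'traefik.http.routers.http-catchall.entrypoints=web'
      - 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
      # global wildcard certificates
      - 'traefik.http.routers.wildcard-certs.tls.certresolver=cloudflare'
      - 'traefik.http.routers.wildcard-certs.tls.domains[0].main=example.com'
      - 'traefik.http.routers.wildcard-certs.tls.domains[0].sans=*.example.com'
      # dashboard
      - 'traefik.http.routers.traefik.rule=Host(`traefik2.example.com`)'
      - 'traefik.http.routers.traefik.tls=true'
      - 'traefik.http.routers.traefik.entrypoints=websecure'
      - 'traefik.http.routers.traefik.service=api@internal'
      - 'traefik.http.routers.traefik.middlewares=authtraefik'
      # [CHANGEME] is a placeholder for an htpasswd-style hash. Compose
      # interpolates `$`, so every `$` in the hash must be written as `$$`
      # (the same escaping used in the wellknown replacement below).
      - 'traefik.http.middlewares.authtraefik.basicauth.users=jsixarms:[CHANGEME]'

  portainer:
    container_name: 'portainer'
    image: 'portainer/portainer'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    networks:
      - traefik-proxy
    volumes:
      - './config/portainer/data:/data'
      # Read-write socket: equivalent to root on the host. Portainer needs
      # it to manage containers, so the protection of this service rests
      # entirely on the router below and on Portainer's own login.
      - '/var/run/docker.sock:/var/run/docker.sock'
    labels:
      - 'traefik.enable=true'
      # Declared but not attached to the portainer router (see traefik service).
      - 'traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24'
      - 'traefik.http.routers.portainer.rule=Host(`portainer2.example.com`)'
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.entrypoints=websecure'
      - 'traefik.http.services.portainer.loadbalancer.server.port=9000'

  bitwarden:
    container_name: 'bitwarden'
    image: 'bitwardenrs/server:latest'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    networks:
      - traefik-proxy
    volumes:
      - './config/bitwarden/bw_data:/data'
    labels:
      - 'traefik.enable=true'
      # Declared but not attached to the bitwarden router (see traefik service).
      - 'traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24'
      - 'traefik.http.routers.bitwarden.rule=Host(`bitwarden.example.com`)'
      - 'traefik.http.routers.bitwarden.tls=true'
      - 'traefik.http.routers.bitwarden.entrypoints=websecure'
      - 'traefik.http.services.bitwarden.loadbalancer.server.port=80'

  db:
    image: 'mariadb'
    command: '--transaction-isolation=READ-COMMITTED --binlog-format=ROW'
    restart: 'always'
    volumes:
      - './config/mysql:/var/lib/mysql'
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    env_file:
      - db.env
    networks:
      - traefik-proxy
    labels:
      # Redundant with exposedbydefault=false, kept as an explicit opt-out.
      - 'traefik.enable=false'

  redis:
    image: 'redis:alpine'
    restart: 'always'
    networks:
      - traefik-proxy
    labels:
      - 'traefik.enable=false'

  app:
    image: 'nextcloud:apache'
    restart: 'always'
    volumes:
      - './config/nextcloud:/var/www/html'
      - './nextcloud-data/data:/var/www/html/data'
    environment:
      # Service names resolve on the shared compose network.
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
    networks:
      - traefik-proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=15552000'
      - 'traefik.http.routers.app.middlewares=nextcloud-headers, wellknown'
      # CalDAV/CardDAV discovery redirect; `$$1` is compose-escaped `$1`.
      - 'traefik.http.middlewares.wellknown.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav'
      - 'traefik.http.middlewares.wellknown.redirectregex.replacement=https://$$1/remote.php/dav/'
      - 'traefik.http.middlewares.wellknown.redirectregex.permanent=true'
      # - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
      - 'traefik.http.routers.app.rule=Host(`cloud.example.com`)'
      - 'traefik.http.routers.app.tls=true'
      - 'traefik.http.routers.app.entrypoints=websecure'
      - 'traefik.http.services.app.loadbalancer.server.port=80'
      # Traefik v1 syntax, superseded by the wellknown middleware above.
      # - "traefik.frontend.redirect.permanent: 'true'"
      # - "traefik.frontend.redirect.regex: https://(.*)/.well-known/(card|cal)dav"
      # - "traefik.frontend.redirect.replacement: https://$$1/remote.php/dav/"

  cron:
    image: 'nextcloud:apache'
    restart: 'always'
    volumes:
      # Shares the app's web root so the cron job sees the same config/data.
      - './config/nextcloud:/var/www/html'
    entrypoint: '/cron.sh'
    depends_on:
      - db
      - redis
    networks:
      - traefik-proxy
    labels:
      - 'traefik.enable=false'

networks:
  # Must be created beforehand (e.g. shared with other compose projects).
  traefik-proxy:
    external: true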