Created
January 26, 2020 17:37
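---
# Docker Compose stack: Traefik (v2 label/flag syntax) as reverse proxy with
# Cloudflare DNS-01 wildcard certificates, in front of Portainer, Bitwarden
# and Nextcloud (MariaDB, Redis and a cron sidecar).
#
# Review notes that apply to the whole file:
#   * Every service joins the one external network `traefik-proxy`, so any
#     container here can open connections to db and redis, and no
#     `requirepass` is configured for redis. A separate backend network for
#     app/cron/db/redis would narrow that.
#   * Most images use floating tags (`latest`, `apache`, `alpine`) or no tag.
#     Pin a version tag or digest so a pull cannot silently change what runs.
#   * ${...} values are interpolated by Compose from the shell environment or
#     an .env file; keep that file and db.env out of version control.
#   * `no-new-privileges:true` is set on every service, including
#     db/redis/app/cron, so all containers get the same baseline.
version: '3.6'

services:
  traefik:
    container_name: 'traefik'
    # NOTE(review): the flags and labels below use Traefik v2 syntax
    # (`ipwhitelist`, `hostregexp` with `{host:.+}`); `latest` can move to a
    # major release that interprets them differently.
    image: 'traefik:latest'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    environment:
      # CF_API_EMAIL + CF_API_KEY is Cloudflare's account-wide Global API
      # Key. The cloudflare DNS provider also accepts a scoped token
      # (CF_DNS_API_TOKEN) limited to DNS edits, which limits the damage if
      # this container's environment leaks.
      - 'CF_API_EMAIL=${CF_API_EMAIL}'
      - 'CF_API_KEY=${CF_API_KEY}'
    command:
      - '--log.level=INFO'
      - '--entrypoints.web.address=:80'
      - '--entrypoints.websecure.address=:443'
      - '--providers.docker'
      # Containers are routed only when they carry `traefik.enable=true`.
      - '--providers.docker.exposedbydefault=false'
      # Enables the API/dashboard. No `--api.insecure` flag is set; the
      # dashboard is published only through the `traefik` router below.
      - '--api'
      - '--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL}'
      - '--certificatesresolvers.cloudflare.acme.dnschallenge=true'
      - '--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare'
      - '--certificatesResolvers.cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53'
      - '--certificatesresolvers.cloudflare.acme.storage=/acme.json'
      # Uncomment to issue test certificates from the Let's Encrypt staging CA.
      # - '--certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory'
    networks:
      - 'traefik-proxy'
    ports:
      - '80:80'
      - '443:443'
    volumes:
      # `:ro` makes the bind mount read-only; it does not restrict Docker API
      # requests sent over the socket. Whatever can talk to this socket can
      # control the host's Docker daemon, so a filtering socket proxy is the
      # usual mitigation.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      # acme.json holds the ACME account key and certificate private keys.
      # Create it on the host before first start with mode 600; Traefik
      # refuses looser permissions.
      - './acme.json:/acme.json'
    labels:
      - 'traefik.enable=true'
      # Defines an IP allowlist middleware, but no router in this file lists
      # `testIPwhitelist` under `...middlewares=`, so it filters nothing as
      # written. To enforce it, add it to the middlewares of the routers that
      # should be restricted.
      - 'traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24'
      # global redirect to https
      - 'traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)'
      - 'traefik.http.routers.http-catchall.entrypoints=web'
      - 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
      # global wildcard certificates
      - 'traefik.http.routers.wildcard-certs.tls.certresolver=cloudflare'
      - 'traefik.http.routers.wildcard-certs.tls.domains[0].main=example.com'
      - 'traefik.http.routers.wildcard-certs.tls.domains[0].sans=*.example.com'
      # dashboard: served over TLS on websecure, behind basic auth
      - 'traefik.http.routers.traefik.rule=Host(`traefik2.example.com`)'
      - 'traefik.http.routers.traefik.tls=true'
      - 'traefik.http.routers.traefik.entrypoints=websecure'
      - 'traefik.http.routers.traefik.service=api@internal'
      - 'traefik.http.routers.traefik.middlewares=authtraefik'
      # [CHANGEME] stands for an htpasswd-style password hash. Write every
      # `$` of the hash as `$$`, otherwise Compose treats it as a variable.
      - 'traefik.http.middlewares.authtraefik.basicauth.users=jsixarms:[CHANGEME]'

  portainer:
    container_name: 'portainer'
    # NOTE(review): `portainer/portainer` is the legacy image name; newer
    # releases are published as `portainer/portainer-ce`. Confirm before
    # deploying.
    image: 'portainer/portainer'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    networks:
      - 'traefik-proxy'
    volumes:
      - './config/portainer/data:/data'
      # Mounted read-write: Portainer manages the Docker engine through this
      # socket, so whoever reaches its UI controls the host's containers.
      - '/var/run/docker.sock:/var/run/docker.sock'
    labels:
      - 'traefik.enable=true'
      # Same unused allowlist definition as on the traefik service.
      - 'traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24'
      # The router has no middleware attached: access control rests entirely
      # on Portainer's own login.
      - 'traefik.http.routers.portainer.rule=Host(`portainer2.example.com`)'
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.entrypoints=websecure'
      - 'traefik.http.services.portainer.loadbalancer.server.port=9000'

  bitwarden:
    container_name: 'bitwarden'
    # NOTE(review): this project was later renamed upstream and is published
    # as `vaultwarden/server`; the old image name no longer receives updates.
    # Confirm and migrate, since this container holds a password vault.
    image: 'bitwardenrs/server:latest'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    networks:
      - 'traefik-proxy'
    volumes:
      # Vault database and attachments; restrict host permissions and back up.
      - './config/bitwarden/bw_data:/data'
    labels:
      - 'traefik.enable=true'
      # Same unused allowlist definition as on the traefik service.
      - 'traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24'
      - 'traefik.http.routers.bitwarden.rule=Host(`bitwarden.example.com`)'
      - 'traefik.http.routers.bitwarden.tls=true'
      - 'traefik.http.routers.bitwarden.entrypoints=websecure'
      # Plain HTTP between Traefik and the container; TLS ends at Traefik.
      - 'traefik.http.services.bitwarden.loadbalancer.server.port=80'

  db:
    image: 'mariadb'
    command: '--transaction-isolation=READ-COMMITTED --binlog-format=ROW'
    restart: 'always'
    # Matches the proxy-facing services; blocks privilege gain through
    # setuid binaries.
    security_opt:
      - 'no-new-privileges:true'
    volumes:
      - './config/mysql:/var/lib/mysql'
    environment:
      - 'MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}'
    # db.env is not shown here; presumably it carries the Nextcloud database
    # name, user and password shared with the app service. Confirm.
    env_file:
      - 'db.env'
    networks:
      - 'traefik-proxy'
    labels:
      - 'traefik.enable=false'

  redis:
    image: 'redis:alpine'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    networks:
      - 'traefik-proxy'
    labels:
      - 'traefik.enable=false'

  app:
    image: 'nextcloud:apache'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    volumes:
      - './config/nextcloud:/var/www/html'
      - './nextcloud-data/data:/var/www/html/data'
    environment:
      - 'MYSQL_HOST=db'
      - 'REDIS_HOST=redis'
    env_file:
      - 'db.env'
    depends_on:
      - 'db'
      - 'redis'
    networks:
      - 'traefik-proxy'
    labels:
      - 'traefik.enable=true'
      # HSTS for 15552000 seconds (180 days).
      - 'traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=15552000'
      - 'traefik.http.routers.app.middlewares=nextcloud-headers, wellknown'
      # Redirects CalDAV/CardDAV discovery URLs to Nextcloud's DAV endpoint.
      # `$$1` is Compose escaping for the regex back-reference `$1`.
      - 'traefik.http.middlewares.wellknown.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav'
      - 'traefik.http.middlewares.wellknown.redirectregex.replacement=https://$$1/remote.php/dav/'
      - 'traefik.http.middlewares.wellknown.redirectregex.permanent=true'
      # - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
      - 'traefik.http.routers.app.rule=Host(`cloud.example.com`)'
      - 'traefik.http.routers.app.tls=true'
      - 'traefik.http.routers.app.entrypoints=websecure'
      - 'traefik.http.services.app.loadbalancer.server.port=80'
      # Traefik v1-style form of the redirect above, left disabled.
      # - "traefik.frontend.redirect.permanent: 'true'"
      # - "traefik.frontend.redirect.regex: https://(.*)/.well-known/(card|cal)dav"
      # - "traefik.frontend.redirect.replacement: https://$$1/remote.php/dav/"

  cron:
    # Same image and application volume as `app`, started with /cron.sh
    # instead of the web server entrypoint.
    image: 'nextcloud:apache'
    restart: 'always'
    security_opt:
      - 'no-new-privileges:true'
    volumes:
      - './config/nextcloud:/var/www/html'
    entrypoint: '/cron.sh'
    depends_on:
      - 'db'
      - 'redis'
    networks:
      - 'traefik-proxy'
    labels:
      - 'traefik.enable=false'

networks:
  # Declared external: the network must already exist before `up`
  # (for example via `docker network create traefik-proxy`).
  traefik-proxy:
    external: true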