Roman-Blinkov/docker-compose.yml

## docker-compose.yml
version: '3.7'
services:
  influxdb:
    image: influxdb
    container_name: influxdb
    volumes:
      - /srv/monitor/influxdb/data:/var/lib/influxdb
      - /srv/monitor/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf:ro
    networks:
      - default
      - web
      - idnet
    labels:
      - "traefik.backend=influxdb"
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:influxdb.example.com"
      - "traefik.port=8086"
      - "traefik.docker.network=web"

  grafana:
    image: grafana/grafana
    container_name: grafana
    environment:
      - GF_SERVER_ROOT_URL=https://grafana.example.com
      - GF_EXTERNAL_IMAGE_STORAGE=local
      - GF_INSTALL_PLUGINS=grafana-piechart-panel
    networks:
      - default
      - web
      - idnet
    volumes:
      - /srv/monitor/grafana/data:/var/lib/grafana
    labels:
      - "traefik.backend=grafana"
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:grafana.example.com"
      - "traefik.port=3000"
      - "traefik.docker.network=web"

  telegraf:
    image: telegraf:latest
    container_name: telegraf
    volumes:
      - /srv/monitor/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro
      - /var/run/docker.sock:/var/run/docker.sock

  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    volumes:
      - /srv/monitor/prometheus/data:/prometheus
      - /srv/monitor/prometheus/etc:/etc/prometheus
    networks:
      - default
      - idnet

  traefik:
    image: traefik:latest
    container_name: traefik
    environment:
      - AZURE_CLIENT_ID=secret
      - AZURE_CLIENT_SECRET=secret
      - AZURE_SUBSCRIPTION_ID=secret
      - AZURE_TENANT_ID=secret
      - AZURE_RESOURCE_GROUP=secret
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /srv/traefik:/etc/traefik
    networks:
      - web
      - default
    ports:
      - 80:80
      - 443:443

networks:
  web:
    external: true
  dbnet:
    driver: 'bridge'
  idnet:
    driver: 'bridge'

## prometheus.yml
# /srv/monitor/prometheus/etc/prometheus.yml
# my global config
global:
  scrape_interval:     15s # By default, scrape targets every 15 seconds.
  evaluation_interval: 15s # By default, scrape targets every 15 seconds.
  # scrape_timeout is set to the global default (10s).

  # Attach these labels to any time series or alerts when communicating with
  # external systems (federation, remote storage, Alertmanager).
  external_labels:
      monitor: 'my-project'

# Load and evaluate rules in this file every 'evaluation_interval' seconds.
rule_files:
  - 'alert.rules'
  # - "first.rules"
  # - "second.rules"

# alert
#alerting:
#  alertmanagers:
#  - scheme: http
#    static_configs:
#    - targets:
#      - "alertmanager:9093"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.

  - job_name: 'traefik'

    # Override the global default and scrape targets from this job every 5 seconds.
    scrape_interval: 5s

    static_configs:
         - targets: ['traefik:8080']

#  - job_name: 'traefik'
    # If the traefik has authentication
#    basic_auth:
#        username: user
#        password: password
    # If the entrypoint is HTTPS
#    scheme: https
#    static_configs:
#      - targets:
#        - example.com:443

#  - job_name: 'cadvisor'

    # Override the global default and scrape targets from this job every 5 seconds.
#    scrape_interval: 5s

#    dns_sd_configs:
#    - names:
#      - 'tasks.cadvisor'
#      type: 'A'
#      port: 8080

#     static_configs:
#          - targets: ['cadvisor:8080']

#  - job_name: 'node-exporter'

# Override the global default and scrape targets from this job every 5 seconds.
#    scrape_interval: 5s

#    dns_sd_configs:
#    - names:
#      - 'tasks.node-exporter'
#      type: 'A'
#      port: 9100

#     static_configs:
#          - targets: ['node-exporter:9100']

## traefik.toml
#/srv/traefik/traefik.toml
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]

[web]
  address = ":8080"

[metrics]
  [metrics.prometheus]
    entryPoint = "traefik"
    buckets = [0.1,0.3,1.2,5.0]

[docker]
  domain = "example.com"
  watch = true
  exposedbydefault = false

 # Force HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

 # Let's encrypt configuration
 [acme]
   email = "info@example.com"
   storage = "/etc/traefik/acme.json"
   entryPoint = "https"
   acmeLogging = true
   [acme.dnsChallenge]
     provider = "azure"
     delayBeforeCheck = 0
[[acme.domains]]
  main = "*.example.com"
  sans = ["example.com"]
	version: '3.7'
	services:
	influxdb:
	image: influxdb
	container_name: influxdb
	volumes:
	- /srv/monitor/influxdb/data:/var/lib/influxdb
	- /srv/monitor/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf:ro
	networks:
	- default
	- web
	- idnet
	labels:
	- "traefik.backend=influxdb"
	- "traefik.enable=true"
	- "traefik.frontend.rule=Host:influxdb.example.com"
	- "traefik.port=8086"
	- "traefik.docker.network=web"

	grafana:
	image: grafana/grafana
	container_name: grafana
	environment:
	- GF_SERVER_ROOT_URL=https://grafana.example.com
	- GF_EXTERNAL_IMAGE_STORAGE=local
	- GF_INSTALL_PLUGINS=grafana-piechart-panel
	networks:
	- default
	- web
	- idnet
	volumes:
	- /srv/monitor/grafana/data:/var/lib/grafana
	labels:
	- "traefik.backend=grafana"
	- "traefik.enable=true"
	- "traefik.frontend.rule=Host:grafana.example.com"
	- "traefik.port=3000"
	- "traefik.docker.network=web"

	telegraf:
	image: telegraf:latest
	container_name: telegraf
	volumes:
	- /srv/monitor/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro
	- /var/run/docker.sock:/var/run/docker.sock

	prometheus:
	image: prom/prometheus:latest
	container_name: prometheus
	volumes:
	- /srv/monitor/prometheus/data:/prometheus
	- /srv/monitor/prometheus/etc:/etc/prometheus
	networks:
	- default
	- idnet

	traefik:
	image: traefik:latest
	container_name: traefik
	environment:
	- AZURE_CLIENT_ID=secret
	- AZURE_CLIENT_SECRET=secret
	- AZURE_SUBSCRIPTION_ID=secret
	- AZURE_TENANT_ID=secret
	- AZURE_RESOURCE_GROUP=secret
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock
	- /srv/traefik:/etc/traefik
	networks:
	- web
	- default
	ports:
	- 80:80
	- 443:443

	networks:
	web:
	external: true
	dbnet:
	driver: 'bridge'
	idnet:
	driver: 'bridge'
	# /srv/monitor/prometheus/etc/prometheus.yml
	# my global config
	global:
	scrape_interval: 15s # By default, scrape targets every 15 seconds.
	evaluation_interval: 15s # By default, scrape targets every 15 seconds.
	# scrape_timeout is set to the global default (10s).

	# Attach these labels to any time series or alerts when communicating with
	# external systems (federation, remote storage, Alertmanager).
	external_labels:
	monitor: 'my-project'

	# Load and evaluate rules in this file every 'evaluation_interval' seconds.
	rule_files:
	- 'alert.rules'
	# - "first.rules"
	# - "second.rules"

	# alert
	#alerting:
	# alertmanagers:
	# - scheme: http
	# static_configs:
	# - targets:
	# - "alertmanager:9093"

	# A scrape configuration containing exactly one endpoint to scrape:
	# Here it's Prometheus itself.
	scrape_configs:
	# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.

	- job_name: 'traefik'

	# Override the global default and scrape targets from this job every 5 seconds.
	scrape_interval: 5s

	static_configs:
	- targets: ['traefik:8080']

	# - job_name: 'traefik'
	# If the traefik has authentication
	# basic_auth:
	# username: user
	# password: password
	# If the entrypoint is HTTPS
	# scheme: https
	# static_configs:
	# - targets:
	# - example.com:443

	# - job_name: 'cadvisor'

	# Override the global default and scrape targets from this job every 5 seconds.
	# scrape_interval: 5s

	# dns_sd_configs:
	# - names:
	# - 'tasks.cadvisor'
	# type: 'A'
	# port: 8080

	# static_configs:
	# - targets: ['cadvisor:8080']

	# - job_name: 'node-exporter'

	# Override the global default and scrape targets from this job every 5 seconds.
	# scrape_interval: 5s

	# dns_sd_configs:
	# - names:
	# - 'tasks.node-exporter'
	# type: 'A'
	# port: 9100

	# static_configs:
	# - targets: ['node-exporter:9100']
	#/srv/traefik/traefik.toml
	logLevel = "INFO"
	defaultEntryPoints = ["http", "https"]

	[web]
	address = ":8080"

	[metrics]
	[metrics.prometheus]
	entryPoint = "traefik"
	buckets = [0.1,0.3,1.2,5.0]

	[docker]
	domain = "example.com"
	watch = true
	exposedbydefault = false

	# Force HTTPS
	[entryPoints]
	[entryPoints.http]
	address = ":80"
	[entryPoints.http.redirect]
	entryPoint = "https"
	[entryPoints.https]
	address = ":443"
	[entryPoints.https.tls]

	# Let's encrypt configuration
	[acme]
	email = "info@example.com"
	storage = "/etc/traefik/acme.json"
	entryPoint = "https"
	acmeLogging = true
	[acme.dnsChallenge]
	provider = "azure"
	delayBeforeCheck = 0
	[[acme.domains]]
	main = "*.example.com"
	sans = ["example.com"]