Expose secured websites from docker containers with traefik

rcon.compose.yml

version: '3.7'
services:
  rcon:
    image: itzg/rcon
    user: ${CURRENT_USER}
    environment: 
      RWA_WEBSOCKET_URL_SSL: wss://wss.rcon.your-url.com
      RWA_WEBSOCKET_URL: ws://ws.rcon.your-url.com
    env_file: 
      - rcon.env
      - rcon.secrets.env
    volumes:
      - "./rcon:/opt/rcon-web-admin/db"
    networks:
      - minecraft
      - traefik
    labels:
      - traefik.http.routers.rcon.rule=Host(`rcon.your-url.com`)
      - traefik.http.services.rcon.loadbalancer.server.port=4326
      - traefik.http.routers.rcon.entrypoints=websecure
      - traefik.http.routers.rcon.tls.certresolver=myresolver
      - traefik.http.routers.rcon.tls=true
      - traefik.http.routers.rcon.service=rcon

      - traefik.http.routers.rconws.rule=Host(`ws.rcon.your-url.com`)
      - traefik.http.services.rconws.loadbalancer.server.port=4327
      - traefik.http.routers.rconws.entrypoints=web
      - traefik.http.routers.rconws.service=rconws

      - traefik.http.routers.rconwss.rule=Host(`wss.rcon.your-url.com`)
      - traefik.http.services.rconwss.loadbalancer.server.port=4327
      - traefik.http.routers.rconwss.entrypoints=websecure
      - traefik.http.routers.rconwss.tls.certresolver=myresolver
      - traefik.http.routers.rconwss.tls=true
      - traefik.http.routers.rconwss.service=rconwss

      - traefik.docker.network=traefik
networks:
  minecraft:
    driver: bridge
  traefik:
    external: true

server.compose.yml

version: '3.7'
services: 
  main:
    image: itzg/minecraft-server
    restart: always
    labels:
      - traefik.http.routers.dynmap.rule=Host(`map.your-url.com`)
      - traefik.http.services.dynmap.loadbalancer.server.port=8123
      - traefik.http.routers.dynmap.entrypoints=websecure
      - traefik.http.routers.dynmap.tls.certresolver=myresolver
      - traefik.http.routers.dynmap.tls=true
      - traefik.http.routers.dynmap.service=dynmap
    volumes:
      - ./server:/data
      - /etc/timezone:/etc/timezone:ro
    networks:
      - minecraft
      - traefik
networks:
  minecraft:
    driver: bridge
  traefik:
    external: true

traefik.compose.yml

version: "3.3"

services:
  traefik:
    image: "traefik:v2.3"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=webmaster@your-url.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "80:80"
    networks:
      - traefik
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.api.tls.certresolver=myresolver"
      - "traefik.http.routers.api.rule=Host(`traefik.your-url.com`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=..."
networks:
  traefik:
    driver: bridge
    external: true