acovrig/docker-compose.yml

## docker-compose.yml
version: '3.4'
networks:
  backend:
    driver: overlay
    external: true
services:
  traefik:
    image: traefik:2.2
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/ceph/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - /mnt/ceph/traefik/config:/etc/traefik/config:ro
      - /mnt/ceph/traefik/certs:/etc/letsencrypt
    networks:
      - backend
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 2222
        published: 2222
        mode: host
    deploy:
      mode: global
      placement:
        constraints:
          - "node.role==manager"
      update_config:
        parallelism: 1
        delay: 10s
        order: stop-first
      restart_policy:
        condition: on-failure

## dynamic.yml
http:
  routers:
    time:
      rule: "Host(`domain4`)"
      service: time
      tls: {}

  services:
    time:
      loadBalancer:
        servers:
          - url: "http://backend_ip"

## traefik.yml
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entrypoint:
          to: websecure
          scheme: https
          priority: 1

  websecure:
    address: ":443"
  git_ssh:
    address: ":2222"

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/letsencrypt/live/domain1/fullchain.pem
        keyFile: /etc/letsencrypt/live/domain1/privkey.pem
  certificates:
    - certFile: /etc/letsencrypt/domain2.crt
      keyFile: /etc/letsencrypt/domain2.key
    - certFile: /etc/letsencrypt/live/domain3/fullchain.pem
      keyFile: /etc/letsencrypt/live/domain3/privkey.pem
    - certFile: /etc/letsencrypt/live/domain1/fullchain.pem
      keyFile: /etc/letsencrypt/live/domain1/privkey.pem

certificatesResolvers:
  le:
    acme:
      email: 'tech@domain2'
      storage: '/etc/letsencrypt/treafik-acme.json'
      httpChallenge:
        entryPoint: web

api:
  dashboard: true

providers:
  file:
    directory: /etc/traefik/config
    watch: true
  docker:
    endpoint: "unix:///var/run/docker.sock"
    swarmMode: true
    exposedByDefault: false
    watch: true
	version: '3.4'
	networks:
	backend:
	driver: overlay
	external: true
	services:
	traefik:
	image: traefik:2.2
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock
	- /mnt/ceph/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
	- /mnt/ceph/traefik/config:/etc/traefik/config:ro
	- /mnt/ceph/traefik/certs:/etc/letsencrypt
	networks:
	- backend
	ports:
	- target: 80
	published: 80
	mode: host
	- target: 443
	published: 443
	mode: host
	- target: 2222
	published: 2222
	mode: host
	deploy:
	mode: global
	placement:
	constraints:
	- "node.role==manager"
	update_config:
	parallelism: 1
	delay: 10s
	order: stop-first
	restart_policy:
	condition: on-failure
	http:
	routers:
	time:
	rule: "Host(`domain4`)"
	service: time
	tls: {}

	services:
	time:
	loadBalancer:
	servers:
	- url: "http://backend_ip"
	entryPoints:
	web:
	address: ":80"
	http:
	redirections:
	entrypoint:
	to: websecure
	scheme: https
	priority: 1

	websecure:
	address: ":443"
	git_ssh:
	address: ":2222"

	tls:
	stores:
	default:
	defaultCertificate:
	certFile: /etc/letsencrypt/live/domain1/fullchain.pem
	keyFile: /etc/letsencrypt/live/domain1/privkey.pem
	certificates:
	- certFile: /etc/letsencrypt/domain2.crt
	keyFile: /etc/letsencrypt/domain2.key
	- certFile: /etc/letsencrypt/live/domain3/fullchain.pem
	keyFile: /etc/letsencrypt/live/domain3/privkey.pem
	- certFile: /etc/letsencrypt/live/domain1/fullchain.pem
	keyFile: /etc/letsencrypt/live/domain1/privkey.pem

	certificatesResolvers:
	le:
	acme:
	email: 'tech@domain2'
	storage: '/etc/letsencrypt/treafik-acme.json'
	httpChallenge:
	entryPoint: web

	api:
	dashboard: true

	providers:
	file:
	directory: /etc/traefik/config
	watch: true
	docker:
	endpoint: "unix:///var/run/docker.sock"
	swarmMode: true
	exposedByDefault: false
	watch: true