Traefik + Ghost + Cloudflare
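# docker compose for Ghost
networks:
  proxy:
    # Pre-existing network shared with the Traefik stack. Traefik reaches
    # Ghost over it, so proxied traffic does not need a published host port.
    name: web
    external: true

services:
  ghost:
    image: beevk/ghost-s3:v1.0.0
    restart: always
    ports:
      # Bound to loopback only. Publishing 2368 on every interface lets
      # clients talk to Ghost over plain HTTP without passing through Traefik,
      # which skips TLS and every router middleware. Remove the mapping
      # entirely if nothing on the host needs direct access.
      - "127.0.0.1:2368:2368"
    environment:
      database__client: mysql
      database__connection__host: db-host
      # and other environment variables
      # Keep database credentials and similar secrets out of a committed
      # compose file (an env_file excluded from version control, or Docker
      # secrets).
    labels:
      - traefik.enable=true
      - 'traefik.http.routers.ghost.rule=Host(`my-domain.com`) || Host(`www.my-domain.com`)'
      # NOTE(review): a forwardAuth middleware also needs an `address` label
      # pointing at the auth service; none is shown here, so confirm it is
      # defined elsewhere, otherwise the router referencing it cannot work.
      # trustForwardHeader=true makes the middleware accept whatever
      # X-Forwarded-* headers arrive with a request, from any client. It does
      # not limit trust to Cloudflare; that is done per entry point with
      # forwardedHeaders.trustedIPs in Traefik's static configuration.
      - traefik.http.middlewares.my-auth-middleware.forwardauth.trustForwardHeader=true
      - traefik.http.routers.ghost.middlewares=my-auth-middleware
      - traefik.http.routers.ghost.tls=true  # to use HTTPS
      # Asks the `cloudflare` resolver for a certificate covering this
      # router's hosts. NOTE(review): if another router already obtains a
      # wildcard certificate for the domain, tls=true alone may be enough.
      - traefik.http.routers.ghost.tls.certresolver=cloudflare
    volumes:
      - ./ghost-data:/var/lib/ghost/content
    networks:
      - proxy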
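# docker compose for Traefik
services:
  reverse-proxy:
    image: traefik:v2.11
    restart: always
    ports:
      - "80:80"
      - "443:443"
      # 8080 is the port Traefik serves the API/dashboard on in insecure
      # mode. Bound to loopback so it is never reachable from the network if
      # that mode gets switched on; the dashboard is routed through the `api`
      # router below instead.
      - "127.0.0.1:8080:8080"
    volumes:
      # :ro only protects the socket file itself. The Docker API behind it
      # still accepts every request, so a compromised Traefik container
      # controls the Docker daemon. Consider putting a filtering socket proxy
      # in between.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik-data/config/traefik.yml:/traefik.yml:ro
      # Stores the ACME account key and certificate private keys. Create it
      # with mode 600 and keep it out of version control.
      - ./traefik-data/config/acme.json:/acme.json
      - ./traefik-data/logs:/var/log/
    environment:
      - CF_API_EMAIL=email@gmail.com
      # The token is taken from the shell environment or an untracked .env
      # file rather than stored in this file; compose aborts if it is unset.
      # Scope the token to DNS edits on this zone only.
      - "CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN:?set CF_DNS_API_TOKEN in the environment or .env}"
    networks:
      - proxy
    labels:
      - traefik.enable=true
      # NOTE(review): this router publishes the Traefik dashboard/API with no
      # authentication middleware attached. Attach one (for example basicAuth
      # backed by a users file, or an IP allow list) before pointing DNS at
      # this host.
      - 'traefik.http.routers.api.rule=Host(`config.my-domain.com`)'
      - traefik.http.routers.api.service=api@internal
      # Serve the dashboard over HTTPS only, like the other TLS routers.
      - traefik.http.routers.api.tls=true
      # The `websecure` router has no rule on this page; it appears to exist
      # only to request the wildcard certificate below - confirm.
      - traefik.http.routers.websecure.tls=true
      - traefik.http.routers.websecure.tls.certresolver=cloudflare
      - traefik.http.routers.websecure.tls.domains[0].main=my-domain.com
      - traefik.http.routers.websecure.tls.domains[0].sans=*.my-domain.com

  whoami:
    # Diagnostic service that echoes request headers and host details back
    # to the caller. Remove it, or put it behind authentication, once routing
    # has been verified. The image is untagged, so it tracks `latest`; pin a
    # version for reproducible deployments.
    image: traefik/whoami
    restart: always
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - 'traefik.http.routers.whoami.rule=Host(`info.my-domain.com`)'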
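# Traefik static configuration (presumably the traefik.yml that the Traefik
# compose file mounts into the container).
api:
  dashboard: true
  # Debug mode adds profiling/debugging endpoints to the API. Enable it only
  # while troubleshooting.
  debug: false

entryPoints:
  web:
    address: ":80"
    # Redirect all plain-HTTP requests to the TLS entry point. Done here
    # because the redirect middleware at the bottom of this file is dynamic
    # configuration and is not attached to any router.
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    # NOTE(review): behind Cloudflare, set forwardedHeaders.trustedIPs on
    # this entry point to Cloudflare's published ranges so that
    # X-Forwarded-* headers are trusted from Cloudflare only.

serversTransport:
  # Certificate verification for HTTPS backends stays on. The services shown
  # with this configuration are reached over plain HTTP, so nothing here
  # needs it disabled. For a backend with a private CA, configure rootCAs
  # rather than turning verification off globally.
  insecureSkipVerify: false

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when they carry traefik.enable=true.
    exposedByDefault: false

certificatesResolvers:
  cloudflare:
    acme:
      email: email@gmail.com  # add your email
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        # disablePropagationCheck: true
        # Uncomment the line above if you have issues pulling certificates
        # through Cloudflare. Setting it to true disables the wait for the
        # TXT record to propagate to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

# NOTE(review): `http.middlewares` is dynamic configuration. It is not
# applied from the static file, no file provider is configured above, and no
# router on this page references redirect-to-https. Kept for reference.
http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https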