Created
June 24, 2020 11:12
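# Docker Compose services: a Traefik v2 reverse proxy (TLS via Let's Encrypt
# DNS-01 through Cloudflare) fronting a Ubooquity container.
# $DOMAINNAME, $USERDIR, $CLOUDFLARE_EMAIL, $CLOUDFLARE_API_KEY, $PUID, $PGID
# and $TZ are substituted by Compose from the environment / .env file.
services:
  ########################### Traefik 2 - Reverse Proxy
  traefik:
    container_name: traefik
    # NOTE(review): this is a moving tag, so the image can change between
    # pulls; pin an exact version (or digest) if reproducible deploys matter.
    image: traefik:chevrotin # the chevrotin tag refers to v2.2.x
    restart: unless-stopped
    command: # CLI arguments
      - --global.checkNewVersion=true
      # Sends anonymised usage statistics to the Traefik maintainers.
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      # This is a point-in-time copy of that list: re-check it periodically,
      # because a stale or over-broad entry decides whose client-IP headers
      # are believed by everything behind this entrypoint.
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
      # Internal entrypoint; port 8080 is not published below.
      - --entryPoints.traefik.address=:8080
      # API/dashboard is enabled but only reachable through the
      # traefik-rtr router defined in the labels (api@internal).
      - --api=true
      # Keep the next two disabled: api.insecure exposes the dashboard without
      # a router/middleware, insecureSkipVerify turns off backend TLS checks.
      # - --api.insecure=true
      # - --serversTransport.insecureSkipVerify=true
      - --log=true
      - --log.level=WARN # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      # Only 4xx responses are written to the access log; successful requests
      # and 5xx errors are not recorded.
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      # - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      # Containers are routed only when they carry traefik.enable=true.
      - --providers.docker.exposedByDefault=false
      # - --entrypoints.https.http.middlewares=chain-authelia@file
      # Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services.
      - --entrypoints.https.http.tls.certresolver=dns-cloudflare
      - --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME
      - --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME
      # - --entrypoints.https.http.tls.domains[1].main=$DOMAIN # Pulls main cert for second domain
      # - --entrypoints.https.http.tls.domains[1].sans=*.$DOMAIN # Pulls wildcard cert for second domain
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
      # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
    networks:
      - t2_proxy
      - default
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      # - target: 8080
      #   published: 8080
      #   protocol: tcp
      #   mode: host
    volumes:
      # Dynamic configuration; the @file middlewares referenced in the labels
      # are presumably defined here - whoever can write this directory can
      # change routing and authentication.
      - $USERDIR/docker/traefik2/rules:/rules
      # NOTE(review): ":ro" only protects the socket file itself; it does not
      # limit which Docker API calls can be made through it. Socket access is
      # equivalent to root on the host, so consider a filtering socket proxy.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds the ACME account key and certificate private keys; keep the host
      # file at mode 0600 and out of backups that are shared.
      - $USERDIR/docker/traefik2/acme/acme.json:/acme.json
      - $USERDIR/docker/traefik2/traefik.log:/traefik.log
      - $USERDIR/docker/shared:/shared
    environment:
      # NOTE(review): CF_API_KEY is the Cloudflare Global API Key and covers
      # the whole account. A token scoped to DNS edit on the one zone
      # (CF_DNS_API_TOKEN, if the bundled ACME client supports it) is a
      # narrower credential. Values set here are visible via `docker inspect`.
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      # The dashboard is only as protected as this chain; confirm that
      # chain-oauth@file actually enforces authentication.
      - "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file"
  ubooquity:
    image: linuxserver/ubooquity
    container_name: ubooquity
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    volumes:
      - $USERDIR/docker/ubooquity:/config
      - /data/media/books:/books
    ports:
      # NOTE(review): publishing these ports binds both the reader (2202) and
      # the admin UI (2203) on every host interface, which bypasses Traefik,
      # TLS and the chain-oauth middleware. Traefik reaches the container over
      # t2_proxy, so remove them or bind to 127.0.0.1 unless direct access is
      # required.
      - "2202:2202"
      - "2203:2203"
    restart: always
    networks:
      - t2_proxy
    security_opt:
      - no-new-privileges:true
    labels:
      # NOTE(review): there is no "traefik.enable=true" label here although
      # Traefik runs with exposedByDefault=false, so these routers are
      # presumably ignored until it is added - confirm.
      ## HTTP Routers
      - "traefik.http.routers.ubooquity-rtr.entrypoints=https"
      # Fixed: the original rule had an unmatched closing parenthesis, which
      # makes the rule fail to parse. Wrapped like the admin rule below.
      # NOTE(review): Path() matches this exact path only, so requests for
      # anything beneath /ubooquity/ will not hit this router; PathPrefix() is
      # probably what is wanted - confirm before changing.
      - "traefik.http.routers.ubooquity-rtr.rule=(Host(`ubooquity.$DOMAINNAME`) && Path(`/ubooquity/`))"
      - "traefik.http.routers.ubooquity-rtr.priority=1"
      ## Middlewares
      - "traefik.http.routers.ubooquity-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.ubooquity-rtr.service=ubooquity-svc"
      - "traefik.http.services.ubooquity-svc.loadbalancer.server.port=2202"
      ## Ubooquity Admin
      - "traefik.http.routers.ubooquityadmin-rtr.entrypoints=https"
      - "traefik.http.routers.ubooquityadmin-rtr.rule=(Host(`ubooquity.$DOMAINNAME`) && Path(`/ubooquity/admin`))"
      - "traefik.http.routers.ubooquityadmin-rtr.priority=2"
      # Added: the admin router had no middleware, so the admin UI was the one
      # route on this host without the OAuth chain used by the other routers.
      - "traefik.http.routers.ubooquityadmin-rtr.middlewares=chain-oauth@file"
      - "traefik.http.routers.ubooquityadmin-rtr.service=ubooquityadmin-svc"
      - "traefik.http.services.ubooquityadmin-svc.loadbalancer.server.port=2203"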
Hey, I came across your post on Reddit about getting the basic HTML at login when using the addprefix path.
Curious if you ever got it working? I'm in the same boat.