@encryptblockr
Forked from pascalandy/compose-caddy.yml
Created June 20, 2020 12:29
Traefik V2 / my docker compose files
version: "3.3"
services:
  caddy:
    image: abiosoft/caddy:1.0.3-no-stats
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    volumes:
      # Document root served by caddy. It is bind-mounted read-write here;
      # if caddy only serves static files, `:ro` would be the least-privilege choice.
      - /mnt/webapps/blue:/srv
    # NOTE(review): no `networks:` is declared, so this project gets its own
    # default network; confirm how the traefik container reaches it.
    labels:
      #### core configs
      - "traefik.enable=true"
      # - "traefik.http.routers.caddy.service=caddy" # swarm
      # Only requests for this host under /caddy reach the container; the
      # prefix itself is stripped later by the RuleGrpMain chain (slash_step2).
      - "traefik.http.routers.caddy.rule=Host(`devkiwi.club`) && PathPrefix(`/caddy`)"
      - "traefik.http.services.caddy.loadbalancer.server.port=2015"
      #### set TLS (https)
      - "traefik.http.routers.caddy.entrypoints=websecure"
      - "traefik.http.routers.caddy.tls=true"
      - "traefik.http.routers.caddy.tls.certresolver=leresolver"
      #### Apply rules (middlewares)
      # RuleGrpMain is a chain middleware declared on the traefik container's labels.
      - "traefik.http.routers.caddy.middlewares=RuleGrpMain"
      #### https://twitter.com/askpascalandy
version: "3.3"
services:
  home:
    image: containous/whoami:v1.4.0
    container_name: home
    hostname: home
    restart: unless-stopped
    # NOTE(review): no `networks:` is declared, so this project gets its own
    # default network; confirm how the traefik container reaches it.
    labels:
      #### core configs
      - "traefik.enable=true"
      # `Path` is an exact match: only the bare root of this host is routed
      # here, every other path is left to the other routers.
      - "traefik.http.routers.home.rule=Host(`devkiwi.club`) && Path(`/`)"
      - "traefik.http.services.home.loadbalancer.server.port=80"
      #### set TLS (https)
      - "traefik.http.routers.home.entrypoints=websecure"
      - "traefik.http.routers.home.tls=true"
      - "traefik.http.routers.home.tls.certresolver=leresolver"
      #### Apply rules (middlewares)
      # RuleGrpMain is a chain middleware declared on the traefik container's labels.
      - "traefik.http.routers.home.middlewares=RuleGrpMain"
      #### https://twitter.com/askpascalandy
version: "3.3"
services:
  nginx:
    image: nginx:1.17-alpine
    container_name: nginx
    hostname: nginx
    restart: unless-stopped
    volumes:
      # Static content root. Bind-mounted read-write; `:ro` would suffice for
      # plain static serving and limits what a compromised container can alter.
      - /mnt/webapps/green:/usr/share/nginx/html
    # NOTE(review): no `networks:` is declared, so this project gets its own
    # default network; confirm how the traefik container reaches it.
    labels:
      #### core configs
      - "traefik.enable=true"
      # swarm only. The original commented line named the router `caddy`
      # (copy-paste leftover); the router in this file is `nginx`.
      # - "traefik.http.routers.nginx.service=nginx" # swarm
      # Only requests for this host under /nginx reach the container; the
      # prefix itself is stripped later by the RuleGrpMain chain (slash_step2).
      - "traefik.http.routers.nginx.rule=Host(`devkiwi.club`) && PathPrefix(`/nginx`)"
      - "traefik.http.services.nginx.loadbalancer.server.port=80"
      #### set TLS (https)
      - "traefik.http.routers.nginx.entrypoints=websecure"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.tls.certresolver=leresolver"
      #### Apply rules (middlewares)
      # RuleGrpMain is a chain middleware declared on the traefik container's labels.
      - "traefik.http.routers.nginx.middlewares=RuleGrpMain"
      #### https://twitter.com/askpascalandy
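version: "3.3"
services:
  #### our favorite reverse-proxy
  traefik:
    image: traefik:v2.1.2
    container_name: traefik
    hostname: traefik
    restart: unless-stopped
    healthcheck:
      # Needs the `ping` entrypoint enabled in the static config
      # (traefik.yml, mounted below but not shown here) — confirm.
      test: traefik healthcheck --ping
    ports:
      # Port mappings are quoted: an unquoted "a:b" value can be read as a
      # base-60 integer by YAML 1.1 parsers, so the string form is the safe idiom.
      - "80:80"
      - "443:443"
      - "8082:8082" #<== ping
    volumes:
      - /etc/localtime:/etc/localtime:ro #<== sync time from the node
      - ./traefik.yml:/traefik.yml:ro #<== static configs / traefik load them directly
      - ./conf.d:/conf.d:ro #<== dynamic configs / we must specify this directory in the static configs as well
      # htpasswd-style file consumed by the auth_all middleware; read-only, and
      # it must stay out of version control.
      - ./users_credentials:/users_credentials:ro #<== basicauth
      - /mnt/DeployGRP/tooldata/traefik/log/:/var/log/
      # ACME storage: contains private keys, keep host permissions tight.
      - /mnt/DeployGRP/tooldata/traefik/letsencrypt:/letsencrypt
    # NOTE(review): no Docker socket or provider endpoint appears in this file;
    # presumably it is configured in traefik.yml. If the socket is mounted
    # there, prefer read-only or a socket proxy — confirm.
    #### labels are dynamic configs as well
    labels:
      #___ core configs
      # Quoted like every other label in this file (the value is a string either way).
      - "traefik.enable=true"
      #___ set traefik dashboard + API. The API is available at: mydomain.club/api/http/routers & mydomain.club/api/rawdata
      # Dashboard and API share the `traefik` router, which carries the
      # auth_all basicauth middleware below — keep that middleware in place.
      - "traefik.http.routers.traefik.rule=Host(`devkiwi.club`) && (PathPrefix(`/traefik`) || PathPrefix(`/api`))"
      - "traefik.http.routers.traefik.service=api@internal"
      #___ set TLS (https)
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=leresolver"
      #___ Ping is open to the world to let third party monitor traefik availability / healthcheck) (without basicauth)
      - "traefik.http.routers.ping.rule=Host(`devkiwi.club`) && Path(`/ping`)"
      - "traefik.http.routers.ping.service=ping@internal"
      - "traefik.http.routers.ping.tls.certresolver=leresolver"
      - "traefik.http.routers.ping.tls=true"
      #___ use these middlewares
      - "traefik.http.routers.traefik.middlewares=auth_all,traefik-strip"
      #___ specific middleware for traefik (it enables the dashboard at mydomain.com/traefik)
      - "traefik.http.middlewares.traefik-strip.stripprefix.prefixes=/traefik"
      # Middleware GROUPS
      # ========================================================
      #___ RuleGrpMain (follow bug: https://github.com/containous/traefik/issues/5890)
      # Referenced by the caddy/home/nginx routers in the other compose files.
      # error_all is defined below but is not part of this chain.
      - "traefik.http.middlewares.RuleGrpMain.chain.middlewares=compress_all,ratelimit_all,retry_all,header_all,slash_step1,slash_step2"
      #___ RuleGrpSlash
      - "traefik.http.middlewares.RuleGrpSlash.chain.middlewares=slash_step1,slash_step2"
      # Middlewares RULES
      # ========================================================
      # auth_all (useful for all dashboards)
      - "traefik.http.middlewares.auth_all.basicauth.usersfile=/users_credentials"
      # compress_all
      - "traefik.http.middlewares.compress_all.compress=true"
      # ratelimit_all
      - "traefik.http.middlewares.ratelimit_all.ratelimit.average=100"
      - "traefik.http.middlewares.ratelimit_all.ratelimit.burst=10"
      # retry_all
      - "traefik.http.middlewares.retry_all.retry.attempts=5"
      # error_all
      # NOTE(review): `serviceError` is not defined anywhere in this file; the
      # middleware is unused by RuleGrpMain, but it would fail if attached as is.
      - "traefik.http.middlewares.error_all.errors.status=400-599"
      - "traefik.http.middlewares.error_all.errors.service=serviceError"
      - "traefik.http.middlewares.error_all.errors.query=/{status}.html"
      # slash_step1 + slash_step2 | Add missing trailing slash
      # `$$` is the compose escape for a literal `$`, so traefik receives
      # `...$` and `${1}/` — do not "fix" them to a single `$`.
      - "traefik.http.middlewares.slash_step1.redirectregex.regex=^(https?://[^/]+/[a-z0-9_]+)$$"
      - "traefik.http.middlewares.slash_step1.redirectregex.replacement=$${1}/"
      - "traefik.http.middlewares.slash_step1.redirectregex.permanent=true"
      # Strips the first path segment (e.g. /caddy, /nginx) before the request
      # reaches the backend.
      - "traefik.http.middlewares.slash_step2.stripprefixregex.regex=/[a-z0-9_]+"
      # header_all
      - "traefik.http.middlewares.header_all.headers.browserXssFilter=true"
      - "traefik.http.middlewares.header_all.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.header_all.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.header_all.headers.framedeny=true"
      - "traefik.http.middlewares.header_all.headers.sslredirect=true"
      - "traefik.http.middlewares.header_all.headers.stsIncludeSubdomains=true"
      # stsPreload commits every subdomain to HTTPS once submitted to the
      # preload list; it is hard to undo, so enable only deliberately.
      - "traefik.http.middlewares.header_all.headers.stsPreload=true"
      - "traefik.http.middlewares.header_all.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.header_all.headers.featurePolicy=accelerometer 'none'; ambient-light-sensor 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; usb 'none'; midi 'none'; sync-xhr 'none'; vr 'none'"
      # `default-src https:` only forces HTTPS origins; it does not restrict
      # which hosts may load scripts — tighten per application if needed.
      - "traefik.http.middlewares.header_all.headers.contentSecurityPolicy=default-src https:"
      - "traefik.http.middlewares.header_all.headers.referrerPolicy=strict-origin-when-cross-origin"
      #- "traefik.http.middlewares.header_all.headers.customrequestheaders.X-Script-Name=firepress-org"
      #- "traefik.http.middlewares.header_all.headers.customresponseheaders.X-Custom-Response-Header=rocks"
      #- "traefik.http.middlewares.header_all.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
      #- "traefik.http.middlewares.header_all.headers.accesscontrolalloworigin=origin-list-or-null"
      #- "traefik.http.middlewares.header_all.headers.accesscontrolmaxage=100"
      #- "traefik.http.middlewares.header_all.headers.addvaryheader=true"
      #- "traefik.http.middlewares.header_all.headers.publicKey=true"
      # Redirect all http requests to https
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # Docker swarm need a dummy service for port detection
      - "traefik.http.services.dummy-service.loadbalancer.server.port=59999"
      #### https://twitter.com/askpascalandy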