Last active
July 17, 2023 20:39
-
-
Save johnfmorton/3347a5c159c43e535d828e45b86ce161 to your computer and use it in GitHub Desktop.
Traefik Docker Compose file - used on Laravel Forge
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# In my deployment script, I create the 'proxy' network that Traefik uses | |
# # Check for the network 'proxy', and, if it does not already exist, create it | |
# docker network ls | grep proxy || docker network create proxy | |
version: "3.7" | |
networks: | |
proxy: | |
external: true | |
services: | |
traefik: | |
image: traefik:v2.10 | |
container_name: "traefik" | |
restart: always | |
networks: | |
- proxy | |
ports: | |
- "80:80" | |
- "443:443" | |
# Uncomment for debug | |
# - "8080:8080" | |
volumes: | |
- /var/run/docker.sock:/var/run/docker.sock:ro | |
- ./letsencrypt:/letsencrypt | |
- ./traefik.auth:/auth/traefik.auth | |
command: | |
- --entrypoints.web.address=:80 | |
- "--api.insecure=true" | |
- "--providers.docker=true" | |
- "--providers.docker.exposedbydefault=false" | |
- "--entrypoints.websecure.address=:443" | |
- "--certificatesresolvers.leresolver.acme.tlschallenge=true" | |
# Relies on LETS_ENCRYPT_EMAIL in .env file, i.e., LETS_ENCRYPT_EMAIL=name@domain.com | |
- "--certificatesresolvers.leresolver.acme.email=${LETS_ENCRYPT_EMAIL}" | |
- "--certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json" | |
labels: | |
## TRAEFIK ROUTER & DASHBOARD | |
- traefik.enable=true | |
- traefik.http.routers.traefik.entrypoints=websecure | |
# Relies on TRAEFIK_DASHBOARD_HOST in .env file, i.e., TRAEFIK_DASHBOARD_HOST=traefik.domain.com | |
- traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`) | |
- traefik.http.routers.traefik.service=api@internal | |
- traefik.http.routers.traefik.middlewares=auth | |
- traefik.http.routers.traefik.tls.certresolver=leresolver | |
- traefik.http.services.traefik.loadbalancer.server.port=8080 | |
# https://github.com/traefik/traefik/issues/1254#issuecomment-299114960 | |
# https://gist.github.com/thomas15v/a446ac1745829f5a6a5f19c574739af8 | |
# Traefik was sometimes working, but only sometimes. Telling it specifically | |
# which network to choose to run on was what seemed to fix it. | |
- traefik.docker.network=proxy | |
## Global redirect to HTTPS | |
- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`) | |
- traefik.http.routers.http-catchall.entrypoints=web | |
- traefik.http.routers.http-catchall.middlewares=redirect-to-https | |
## Middlewares | |
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=websecure | |
## AUTH | |
- traefik.http.middlewares.auth.basicauth.usersfile=/auth/traefik.auth |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment