johnfmorton/docker-compose-traefik.yml

## docker-compose-traefik.yml
# In my deployment script, I create the 'proxy' network that Traefik uses
# # Check for the network 'proxy', and, if it does not already exist, create it
# docker network ls | grep proxy || docker network create proxy

version: "3.7"
networks:
  proxy:
    external: true

services:
  traefik:
    image: traefik:v2.10
    container_name: "traefik"
    restart: always
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      # Uncomment for debug
      # - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt
      - ./traefik.auth:/auth/traefik.auth
    command:
      - --entrypoints.web.address=:80
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.leresolver.acme.tlschallenge=true"
      # Relies on LETS_ENCRYPT_EMAIL in .env file, i.e., LETS_ENCRYPT_EMAIL=name@domain.com
      - "--certificatesresolvers.leresolver.acme.email=${LETS_ENCRYPT_EMAIL}"
      - "--certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json"
    labels:
      ## TRAEFIK ROUTER & DASHBOARD
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=websecure
      # Relies on TRAEFIK_DASHBOARD_HOST in .env file, i.e., TRAEFIK_DASHBOARD_HOST=traefik.domain.com
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.middlewares=auth
      - traefik.http.routers.traefik.tls.certresolver=leresolver
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      # https://github.com/traefik/traefik/issues/1254#issuecomment-299114960
      # https://gist.github.com/thomas15v/a446ac1745829f5a6a5f19c574739af8
      # Traefik was sometimes working, but only sometimes. Telling it specifically
      # which network to choose to run on was what seemed to fix it.
      - traefik.docker.network=proxy

      ## Global redirect to HTTPS
      - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
      - traefik.http.routers.http-catchall.entrypoints=web
      - traefik.http.routers.http-catchall.middlewares=redirect-to-https

      ## Middlewares
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=websecure

      ## AUTH
      - traefik.http.middlewares.auth.basicauth.usersfile=/auth/traefik.auth
	# In my deployment script, I create the 'proxy' network that Traefik uses
	# # Check for the network 'proxy', and, if it does not already exist, create it
	# docker network ls \| grep proxy \|\| docker network create proxy

	version: "3.7"
	networks:
	proxy:
	external: true

	services:
	traefik:
	image: traefik:v2.10
	container_name: "traefik"
	restart: always
	networks:
	- proxy
	ports:
	- "80:80"
	- "443:443"
	# Uncomment for debug
	# - "8080:8080"
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock:ro
	- ./letsencrypt:/letsencrypt
	- ./traefik.auth:/auth/traefik.auth
	command:
	- --entrypoints.web.address=:80
	- "--api.insecure=true"
	- "--providers.docker=true"
	- "--providers.docker.exposedbydefault=false"
	- "--entrypoints.websecure.address=:443"
	- "--certificatesresolvers.leresolver.acme.tlschallenge=true"
	# Relies on LETS_ENCRYPT_EMAIL in .env file, i.e., LETS_ENCRYPT_EMAIL=name@domain.com
	- "--certificatesresolvers.leresolver.acme.email=${LETS_ENCRYPT_EMAIL}"
	- "--certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json"
	labels:
	## TRAEFIK ROUTER & DASHBOARD
	- traefik.enable=true
	- traefik.http.routers.traefik.entrypoints=websecure
	# Relies on TRAEFIK_DASHBOARD_HOST in .env file, i.e., TRAEFIK_DASHBOARD_HOST=traefik.domain.com
	- traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)
	- traefik.http.routers.traefik.service=api@internal
	- traefik.http.routers.traefik.middlewares=auth
	- traefik.http.routers.traefik.tls.certresolver=leresolver
	- traefik.http.services.traefik.loadbalancer.server.port=8080
	# https://github.com/traefik/traefik/issues/1254#issuecomment-299114960
	# https://gist.github.com/thomas15v/a446ac1745829f5a6a5f19c574739af8
	# Traefik was sometimes working, but only sometimes. Telling it specifically
	# which network to choose to run on was what seemed to fix it.
	- traefik.docker.network=proxy

	## Global redirect to HTTPS
	- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
	- traefik.http.routers.http-catchall.entrypoints=web
	- traefik.http.routers.http-catchall.middlewares=redirect-to-https

	## Middlewares
	- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=websecure

	## AUTH
	- traefik.http.middlewares.auth.basicauth.usersfile=/auth/traefik.auth