khssnv/docker-compose.yml

## docker-compose.yml
version: "3.8"

services:
  app:
    build: .
    labels:
        - traefik.enable=true
        - traefik.http.routers.app.entrypoints=websecure
        - traefik.http.routers.app.rule=Host(`app.example.com`)
        - traefik.http.routers.app.tls=true
        - traefik.http.routers.app.tls.certresolver=letsencrypt
        - traefik.http.routers.app.service=app
        - traefik.http.routers.app.middlewares=sslheader
        - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=wss
        - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Ssl=on
        - traefik.http.services.app.loadbalancer.server.port=3333

  traefik:
      image: traefik:v2.9
      command:
        - --log.level=DEBUG
        - --accesslog=true
        - --entrypoints.web.address=:80
        - --entrypoints.web.http.redirections.entryPoint.to=websecure
        - --entrypoints.web.http.redirections.entryPoint.scheme=https
        - --entrypoints.websecure.address=:443
        - --entryPoints.websecure.forwardedHeaders.insecure=true
        - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
        - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
        - --certificatesresolvers.letsencrypt.acme.email=me@example.com
        - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
        - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
      ports:
        - 80:80
        - 443:443
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - letsencrypt:/letsencrypt

volumes:
  letsencrypt:

## traefik.log
app-traefik-1  | time="2022-12-02T13:48:34Z" level=info msg="Configuration loaded from flags."
app-traefik-1  | time="2022-12-02T13:48:34Z" level=info msg="Traefik version 2.9.5 built on 2022-11-17T15:04:26Z"
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"websecure\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483646}}},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{\"insecure\":true},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\"},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"letsencrypt\":{\"acme\":{\"email\":\"me@example.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"httpChallenge\":{\"entryPoint\":\"web\"}}}}}"
app-traefik-1  | time="2022-12-02T13:48:34Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
app-traefik-1  | time="2022-12-02T13:48:34Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Starting TCP Server" entryPointName=websecure
app-traefik-1  | time="2022-12-02T13:48:34Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
app-traefik-1  | time="2022-12-02T13:48:34Z" level=info msg="Starting provider *traefik.Provider"
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="*traefik.Provider provider configuration: {}"
app-traefik-1  | time="2022-12-02T13:48:34Z" level=info msg="Starting provider *acme.Provider"
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="*acme.Provider provider configuration: {\"email\":\"me@example.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"httpChallenge\":{\"entryPoint\":\"web\"},\"ResolverName\":\"letsencrypt\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
app-traefik-1  | time="2022-12-02T13:48:34Z" level=info msg="Testing certificate renew..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Starting TCP Server" entryPointName=web
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"acme-http\":{\"entryPoints\":[\"web\"],\"service\":\"acme-http@internal\",\"rule\":\"PathPrefix(`/.well-known/acme-challenge/`)\",\"priority\":2147483647},\"web-to-websecure\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"redirect-web-to-websecure\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483646}},\"services\":{\"acme-http\":{},\"noop\":{}},\"middlewares\":{\"redirect-web-to-websecure\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=letsencrypt.acme
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Added outgoing tracing middleware acme-http@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=acme-http@internal
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=web routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Creating middleware" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Setting up redirection to https 443" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
app-traefik-1  | time="2022-12-02T13:48:34Z" level=debug msg="Adding certificate for domain(s) app.example.com"
app-traefik-1  | time="2022-12-02T13:48:35Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
app-traefik-1  | time="2022-12-02T13:48:35Z" level=debug msg="Added outgoing tracing middleware noop@internal" routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
app-traefik-1  | time="2022-12-02T13:48:35Z" level=debug msg="Creating middleware" middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal
app-traefik-1  | time="2022-12-02T13:48:35Z" level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
app-traefik-1  | time="2022-12-02T13:48:35Z" level=debug msg="Adding 2tracing to middleware" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal entryPointName=web
app-traefik-1  | time="2022-12-02T13:48:35Z" level=debug msg="Added outgoing tracing middleware acme-http@internal" entryPointName=web routerName=acme-http@internal middlewareName=tracing middlewareType=TracingForwarder
app-traefik-1  | time="2022-12-02T13:48:35Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
	version: "3.8"

	services:
	app:
	build: .
	labels:
	- traefik.enable=true
	- traefik.http.routers.app.entrypoints=websecure
	- traefik.http.routers.app.rule=Host(`app.example.com`)
	- traefik.http.routers.app.tls=true
	- traefik.http.routers.app.tls.certresolver=letsencrypt
	- traefik.http.routers.app.service=app
	- traefik.http.routers.app.middlewares=sslheader
	- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=wss
	- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Ssl=on
	- traefik.http.services.app.loadbalancer.server.port=3333

	traefik:
	image: traefik:v2.9
	command:
	- --log.level=DEBUG
	- --accesslog=true
	- --entrypoints.web.address=:80
	- --entrypoints.web.http.redirections.entryPoint.to=websecure
	- --entrypoints.web.http.redirections.entryPoint.scheme=https
	- --entrypoints.websecure.address=:443
	- --entryPoints.websecure.forwardedHeaders.insecure=true
	- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
	- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
	- --certificatesresolvers.letsencrypt.acme.email=me@example.com
	- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
	- --certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
	ports:
	- 80:80
	- 443:443
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock:ro
	- letsencrypt:/letsencrypt

	volumes:
	letsencrypt:
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=info msg="Configuration loaded from flags."
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=info msg="Traefik version 2.9.5 built on 2022-11-17T15:04:26Z"
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"websecure\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483646}}},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{\"insecure\":true},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\"},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"letsencrypt\":{\"acme\":{\"email\":\"me@example.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"httpChallenge\":{\"entryPoint\":\"web\"}}}}}"
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Starting TCP Server" entryPointName=websecure
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=info msg="Starting provider *traefik.Provider"
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="*traefik.Provider provider configuration: {}"
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=info msg="Starting provider *acme.Provider"
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="*acme.Provider provider configuration: {\"email\":\"me@example.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"httpChallenge\":{\"entryPoint\":\"web\"},\"ResolverName\":\"letsencrypt\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=info msg="Testing certificate renew..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Starting TCP Server" entryPointName=web
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"acme-http\":{\"entryPoints\":[\"web\"],\"service\":\"acme-http@internal\",\"rule\":\"PathPrefix(`/.well-known/acme-challenge/`)\",\"priority\":2147483647},\"web-to-websecure\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"redirect-web-to-websecure\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483646}},\"services\":{\"acme-http\":{},\"noop\":{}},\"middlewares\":{\"redirect-web-to-websecure\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=letsencrypt.acme
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Added outgoing tracing middleware acme-http@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=acme-http@internal
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=web routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Creating middleware" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Setting up redirection to https 443" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
	app-traefik-1 \| time="2022-12-02T13:48:34Z" level=debug msg="Adding certificate for domain(s) app.example.com"
	app-traefik-1 \| time="2022-12-02T13:48:35Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
	app-traefik-1 \| time="2022-12-02T13:48:35Z" level=debug msg="Added outgoing tracing middleware noop@internal" routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
	app-traefik-1 \| time="2022-12-02T13:48:35Z" level=debug msg="Creating middleware" middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal
	app-traefik-1 \| time="2022-12-02T13:48:35Z" level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
	app-traefik-1 \| time="2022-12-02T13:48:35Z" level=debug msg="Adding 2tracing to middleware" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal entryPointName=web
	app-traefik-1 \| time="2022-12-02T13:48:35Z" level=debug msg="Added outgoing tracing middleware acme-http@internal" entryPointName=web routerName=acme-http@internal middlewareName=tracing middlewareType=TracingForwarder
	app-traefik-1 \| time="2022-12-02T13:48:35Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery