mdnmdn/portainer-stack.yaml

## portainer-stack.yaml
version: "3.3"

services:
  portainer:
    image: portainer/portainer-ce:2.19.0
    container_name: portainer
    restart: always
    labels:
      - "traefik.docker.network=public-web"
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`portainer.mydomain.com`)"
      - "traefik.http.routers.portainer.entrypoints=websecure"
      - "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
      #- "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
      - "traefik.http.services.portainer-svc.loadbalancer.server.port=9443"
      - "traefik.http.services.portainer-svc.loadbalancer.server.scheme=https"
    ports:
      - "9443:9443"
      #- "9000:9000"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "portainer_data:/data"
    networks:
      - public-web

volumes:
  portainer_data:

networks:
   public-web:
     external: true

# docker compose --file ./portainer-stack.yaml -p portainer up -d

## sample-api.yaml
version: "3.3"

services:
  portainer:
    image: tutum/hello-world:latest
    restart: always
    labels:
      - "traefik.docker.network=public-web"
      - "traefik.enable=true"
      - "traefik.http.routers.hello-world.rule=Host(`hello.mydomain.com`)"
      - "traefik.http.routers.hello-world.entrypoints=web,websecure"
      - "traefik.http.routers.hello-world.tls.certresolver=letsencrypt"
      #- "traefik.http.services.hello-world-svc.loadbalancer.server.port=80"
      #- "traefik.http.services.portainer-svc.loadbalancer.server.scheme=http"
    #ports:
      #- "8081:80"
    networks:
      - public-web

networks:
   public-web:
     external: true

# docker compose --file ./sample-api.yaml -p sample-api up -d

## traefik-stack.yaml
version: "3.3"

services:

  traefik:
    image: "traefik:v2.7"
    container_name: "traefik"
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      # https://traefik.mydomain.com/dashboard/#
      #- "traefik.http.routers.dashboard.rule=Host(`traefik.mydomain.com`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$5cC2nmbY$$XjxNjSePyxppoTPYaknkg/,test2:$$apr1$$mcz7SwSk$$Kh/y8TGuRX6hjDL4RosUB."
      #pwd: io   echo $(htpasswd -nB test) | sed -e s/\\$/\\$\\$/g

    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.email=me@mydomain.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      #- "--serverstransport.insecureskipverify=true"  # container exposing in self signedhttps
      - "--api.dashboard=true"
      #- "--providers.file.directory=/file-configs" # folder config to be tested
      #- "--providers.file.watch=true"

    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "traefik-letsencrypt:/letsencrypt"
      #- "/path/to/config/files:/file-configs" # folder config to be tested
    networks:
      - public-web

  # sample service
  whoami:
    image: "traefik/whoami"
    container_name: "sample-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`ping.mydomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=web,websecure"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
    networks:
      - public-web

networks:
   public-web:
     external: true

# docker network create  public-web

volumes:
   traefik-letsencrypt:

# docker compose --file ./traefik-stack.yaml -p traefik up -d
	version: "3.3"

	services:
	portainer:
	image: portainer/portainer-ce:2.19.0
	container_name: portainer
	restart: always
	labels:
	- "traefik.docker.network=public-web"
	- "traefik.enable=true"
	- "traefik.http.routers.portainer.rule=Host(`portainer.mydomain.com`)"
	- "traefik.http.routers.portainer.entrypoints=websecure"
	- "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
	#- "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
	- "traefik.http.services.portainer-svc.loadbalancer.server.port=9443"
	- "traefik.http.services.portainer-svc.loadbalancer.server.scheme=https"
	ports:
	- "9443:9443"
	#- "9000:9000"
	volumes:
	- "/var/run/docker.sock:/var/run/docker.sock"
	- "portainer_data:/data"
	networks:
	- public-web

	volumes:
	portainer_data:

	networks:
	public-web:
	external: true

	# docker compose --file ./portainer-stack.yaml -p portainer up -d
	version: "3.3"

	services:

	traefik:
	image: "traefik:v2.7"
	container_name: "traefik"
	restart: always
	labels:
	- "traefik.enable=true"
	- "traefik.http.routers.dashboard.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) \|\| PathPrefix(`/dashboard`))"
	# https://traefik.mydomain.com/dashboard/#
	#- "traefik.http.routers.dashboard.rule=Host(`traefik.mydomain.com`)"
	- "traefik.http.routers.dashboard.entrypoints=websecure"
	- "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
	- "traefik.http.routers.dashboard.service=api@internal"
	- "traefik.http.routers.dashboard.middlewares=auth"
	- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$5cC2nmbY$$XjxNjSePyxppoTPYaknkg/,test2:$$apr1$$mcz7SwSk$$Kh/y8TGuRX6hjDL4RosUB."
	#pwd: io echo $(htpasswd -nB test) \| sed -e s/\\$/\\$\\$/g

	command:
	#- "--log.level=DEBUG"
	- "--api.insecure=true"
	- "--providers.docker=true"
	- "--providers.docker.exposedbydefault=false"
	- "--entrypoints.websecure.address=:443"
	- "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
	- "--certificatesresolvers.letsencrypt.acme.email=me@mydomain.com"
	- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
	- "--entrypoints.web.address=:80"
	- "--entrypoints.websecure.address=:443"
	#- "--serverstransport.insecureskipverify=true" # container exposing in self signedhttps
	- "--api.dashboard=true"
	#- "--providers.file.directory=/file-configs" # folder config to be tested
	#- "--providers.file.watch=true"

	ports:
	- "80:80"
	- "443:443"
	- "8080:8080"
	volumes:
	- "/var/run/docker.sock:/var/run/docker.sock:ro"
	- "traefik-letsencrypt:/letsencrypt"
	#- "/path/to/config/files:/file-configs" # folder config to be tested
	networks:
	- public-web

	# sample service
	whoami:
	image: "traefik/whoami"
	container_name: "sample-service"
	labels:
	- "traefik.enable=true"
	- "traefik.http.routers.whoami.rule=Host(`ping.mydomain.com`)"
	- "traefik.http.routers.whoami.entrypoints=web,websecure"
	- "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
	networks:
	- public-web

	networks:
	public-web:
	external: true

	# docker network create public-web

	volumes:
	traefik-letsencrypt:

	# docker compose --file ./traefik-stack.yaml -p traefik up -d