@natcl
Last active February 1, 2024 15:02
traefik: node-red + mosquitto using letsencrypt
version: "3.3"
services:
  traefik:
    image: "traefik:v2.2"
    container_name: "traefik"
    command:
      - "--api=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      # Containers are only routed when they set traefik.enable=true
      - "--providers.docker.exposedbydefault=false"
      # Entrypoints
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.mqtt.address=:8883"
      # Redirect http to https
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      # Let's encrypt configuration
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=email@host.com"
      # ACME account key and issued certificates are stored in this file
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8883:8883"
    volumes:
      - "./letsencrypt:/letsencrypt"
      # :ro only protects the socket file; Traefik can still call the full Docker API through it
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.zoo.ocean.mofa.studio`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
      # The dashboard and API are only reachable through the basic-auth middleware
      - "traefik.http.routers.dashboard.middlewares=auth"
      # htpasswd entries; each $ is doubled so Compose does not treat it as variable interpolation
      - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
  whoami:
    image: "containous/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.zoo.ocean.mofa.studio`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
  mqtt:
    image: "eclipse-mosquitto"
    container_name: "mosquitto"
    # Ports are only exposed to the Docker network, not published on the host
    expose:
      - "8883"
      - "9001"
    volumes:
      - "./mosquitto.conf:/mosquitto/config/mosquitto.conf"
    labels:
      - "traefik.enable=true"
      # MQTT over WebSockets: HTTPS on :443, forwarded to the 9001 listener
      - "traefik.http.routers.mqtt.rule=Host(`mqtt.zoo.ocean.mofa.studio`)"
      - "traefik.http.routers.mqtt.entrypoints=websecure"
      - "traefik.http.routers.mqtt.tls.certresolver=myresolver"
      # MQTT over TCP: TLS is terminated by Traefik on :8883; HostSNI(`*`) matches any server name
      - "traefik.tcp.routers.mqtt.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.mqtt.tls.certresolver=myresolver"
      - "traefik.tcp.services.mqtt.loadbalancer.server.port=8883"
      - "traefik.tcp.routers.mqtt.entrypoints=mqtt"
      - "traefik.http.services.mqtt.loadbalancer.server.port=9001"
  nodered:
    image: "nodered/node-red"
    container_name: "nodered"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nodered.rule=Host(`nodered.zoo.ocean.mofa.studio`)"
      - "traefik.http.routers.nodered.entrypoints=websecure"
      - "traefik.http.routers.nodered.tls.certresolver=myresolver"
      - "traefik.http.services.nodered.loadbalancer.server.port=1880"

# mosquitto.conf: plain MQTT on 8883 (Traefik terminates TLS), WebSockets on 9001
port 8883
listener 9001
protocol websockets

natcl commented Oct 10, 2023

@iboluda The 8883 entry point is for TCP connections while the 443 is for web sockets, does that answer your question?
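
The split between the two entry points can be read straight off the mqtt service's labels. As an added example (not part of the gist or of this thread), the Python below parses those labels and reports, per router, the public port, whether Traefik terminates TLS, and the backend port; the helper names `parse_labels` and `routes` and the `ENTRYPOINTS` map are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the mqtt service labels copied from the compose file above.
MQTT_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.mqtt.rule=Host(`mqtt.zoo.ocean.mofa.studio`)",
    "traefik.http.routers.mqtt.entrypoints=websecure",
    "traefik.http.routers.mqtt.tls.certresolver=myresolver",
    "traefik.tcp.routers.mqtt.rule=HostSNI(`*`)",
    "traefik.tcp.routers.mqtt.tls.certresolver=myresolver",
    "traefik.tcp.services.mqtt.loadbalancer.server.port=8883",
    "traefik.tcp.routers.mqtt.entrypoints=mqtt",
    "traefik.http.services.mqtt.loadbalancer.server.port=9001",
]
# Entrypoint name -> published port, taken from the traefik command flags.
ENTRYPOINTS = {"web": 80, "websecure": 443, "mqtt": 8883}
LABEL = re.compile(r"^traefik\.(http|tcp)\.(routers|services)\.([^.]+)\.(.+?)=(.*)$")

def parse_labels(labels):
    """Group labels as {(proto, kind, name): {option: value}}."""
    objs = defaultdict(dict)
    for line in labels:
        m = LABEL.match(line)
        if m:  # labels such as traefik.enable=true are skipped
            proto, kind, name, option, value = m.groups()
            objs[(proto, kind, name)][option] = value
    return objs

def routes(labels, entrypoints=ENTRYPOINTS):
    """Return one row per router and entrypoint, HTTP routers first."""
    objs = parse_labels(labels)
    rows = []
    for (proto, kind, name), opts in sorted(objs.items()):
        if kind != "routers":
            continue
        # Assumption: router and service share a name unless `service` is set.
        svc = objs.get((proto, "services", opts.get("service", name)), {})
        for ep in opts.get("entrypoints", "").split(","):
            rows.append({
                "proto": proto, "router": name, "entrypoint": ep,
                "public_port": entrypoints.get(ep),
                "tls": any(k == "tls" or k.startswith("tls.") for k in opts),
                "catch_all_sni": "HostSNI(`*`)" in opts.get("rule", ""),
                "backend_port": svc.get("loadbalancer.server.port"),
            })
    return rows
```

A row with `tls` false on a published entrypoint, or a TCP router whose catch-all rule shares an entrypoint with another TCP service, is what to look for when reviewing a file like this.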


iboluda commented Oct 10, 2023

Thanks for clarifying that point. Yes, that answers my question.
