okerx/gist:777180b9ab0bb883bbd7f4b8ac4ffdd6

## gistfile1.txt
version: '3.9'

services:
  reverse-proxy:
    image: traefik:v3.1
    command:
      - --api.insecure=true
      - --providers.swarm
      - --log.level=INFO
      - --providers.swarm.exposedByDefault=false
      - --providers.swarm.endpoint=unix:///var/run/docker.sock
      - --providers.swarm.network=traefik
      - --serversTransport.insecureSkipVerify=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.letsencrypt.acme.email=<your email>
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --entrypoints.websecure.address=:443
      - --accesslog.filepath=/var/log/traefik/access.log
      - --ping
    ports:
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - letsencrypt:/letsencrypt
      - access_log:/var/log/traefik/
    secrets:
      - cf_api_token
    environment:
      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_api_token
    networks:
      - traefik
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true
        - traefik.http.routers.dashboard.tls=true
        - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
        - traefik.http.routers.dashboard.rule=Host(`<dashboard domain>`)
        - traefik.http.routers.dashboard.service=api@internal
        - traefik.http.services.dummytraefiksvc.loadbalancer.server.port=9432
    healthcheck:
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 5s
      timeout: 2s
      retries: 3
      start_period: 5s

volumes:
  letsencrypt:
  access_log:

secrets:
  cf_api_token:
    external: true

networks:
  traefik:
    external: true
	version: '3.9'

	services:
	reverse-proxy:
	image: traefik:v3.1
	command:
	- --api.insecure=true
	- --providers.swarm
	- --log.level=INFO
	- --providers.swarm.exposedByDefault=false
	- --providers.swarm.endpoint=unix:///var/run/docker.sock
	- --providers.swarm.network=traefik
	- --serversTransport.insecureSkipVerify=true
	- --certificatesresolvers.letsencrypt.acme.dnschallenge=true
	- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
	- --certificatesresolvers.letsencrypt.acme.email=<your email>
	- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
	- --entrypoints.websecure.address=:443
	- --accesslog.filepath=/var/log/traefik/access.log
	- --ping
	ports:
	- "443:443"
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock
	- letsencrypt:/letsencrypt
	- access_log:/var/log/traefik/
	secrets:
	- cf_api_token
	environment:
	- CF_DNS_API_TOKEN_FILE=/run/secrets/cf_api_token
	networks:
	- traefik
	deploy:
	placement:
	constraints:
	- node.role == manager
	labels:
	- traefik.enable=true
	- traefik.http.routers.dashboard.tls=true
	- traefik.http.routers.dashboard.tls.certresolver=letsencrypt
	- traefik.http.routers.dashboard.rule=Host(`<dashboard domain>`)
	- traefik.http.routers.dashboard.service=api@internal
	- traefik.http.services.dummytraefiksvc.loadbalancer.server.port=9432
	healthcheck:
	test: ["CMD", "traefik", "healthcheck", "--ping"]
	interval: 5s
	timeout: 2s
	retries: 3
	start_period: 5s

	volumes:
	letsencrypt:
	access_log:

	secrets:
	cf_api_token:
	external: true

	networks:
	traefik:
	external: true