Created
November 24, 2020 15:45
docker-compose
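# Compose stack: a Traefik reverse proxy (TLS on :443, certificates from
# Let's Encrypt via the Cloudflare DNS challenge) in front of whoami, UniFi,
# Portainer, TeamCity and Rancher, with Watchtower updating labelled
# containers once a day.
#
# Variables read from the environment / .env file:
#   DOMAINNAME, CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY, PUID, PGID, TZ
#   CONTAINER_HOME (defaults to "."), *_VERSION (each defaults to "latest")
#
# NOTE(review): every image defaults to `latest`, and Watchtower pulls new
# images for the labelled containers on its own. Several of those containers
# mount the Docker socket, so an upstream image push effectively lands with
# control of the host's Docker daemon. Pin the *_VERSION variables (or image
# digests) if updates should be reviewed first.
version: "3.5"

networks:
  default:
    # Pre-existing network shared by everything behind the proxy; create it
    # once with `docker network create proxy`. `external.name` is deprecated
    # from file format 3.5 on, so the network is named with the `name` key.
    external: true
    name: proxy

services:
  traefik:
    image: traefik:${TRAEFIK_VERSION:-latest}
    container_name: traefik
    command:
      # Logs
      - --log.level=INFO
      - --log.filePath=/logs/traefik.log
      - --accessLog.filePath=/logs/access.log
      - --accessLog.bufferingSize=100
      # Global
      - --api=true
      - --api.dashboard=true
      - --global.sendAnonymousUsage=false
      # Docker
      - --providers.docker=true
      # Containers are routed only when they carry traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      # Entrypoints
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.certresolver=letsEncrypt
      # LetsEncrypt
      - --certificatesresolvers.letsEncrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsEncrypt.acme.email=${CLOUDFLARE_EMAIL}
      - --certificatesresolvers.letsEncrypt.acme.dnschallenge.provider=cloudflare
      # Staging server
      # - --certificatesresolvers.letsEncrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.letsEncrypt.acme.storage=/etc/traefik/acme.json
    ports:
      - "80:80"
      - "443:443"
    environment:
      # CF_API_KEY is the account-wide Cloudflare key. The cloudflare DNS
      # provider also accepts a zone-scoped token through CF_DNS_API_TOKEN,
      # which limits what a leak of this container's environment exposes.
      - CF_API_EMAIL=${CLOUDFLARE_EMAIL}
      - CF_API_KEY=${CLOUDFLARE_API_KEY}
    volumes:
      # `:ro` applies to the bind mount only; it does not make the Docker API
      # read-only. Anything that takes over this internet-facing container
      # can still drive the daemon. A filtering socket proxy narrows that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the certificate private keys. Create it as a file
      # with mode 600 before the first start; otherwise Docker creates a
      # directory at this path and Traefik rejects the storage.
      - ${CONTAINER_HOME:-.}/traefik/acme.json:/etc/traefik/acme.json
      - ${CONTAINER_HOME:-.}/traefik/logs:/logs
    labels:
      # api
      - traefik.enable=true
      # middleware redirect
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      # redirection HTTP to HTTPS
      - traefik.http.routers.http_catchall.rule=hostregexp(`{host:.+}`)
      - traefik.http.routers.http_catchall.entrypoints=web
      - traefik.http.routers.http_catchall.middlewares=redirect-to-https
      # Wildcard certificate for the domain, requested through this router.
      - traefik.http.routers.traefik.tls.certresolver=letsEncrypt
      - traefik.http.routers.traefik.tls.domains[0].main=${DOMAINNAME}
      - traefik.http.routers.traefik.tls.domains[0].sans=*.${DOMAINNAME}
      # dashboard
      # No auth middleware is attached: whoever can reach this host name on
      # :443 can read the full routing configuration. To put basic auth in
      # front of it, enable the two labels below
      # (TRAEFIK_DASHBOARD_USERS is a placeholder for an htpasswd-format
      # user:hash list supplied via .env):
      # - traefik.http.middlewares.dashboard-auth.basicauth.users=${TRAEFIK_DASHBOARD_USERS}
      # - traefik.http.routers.traefik.middlewares=dashboard-auth
      - traefik.http.routers.traefik.rule=Host(`traefik.${DOMAINNAME}`)
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.tls=true
    restart: unless-stopped

  watchtower:
    image: containrrr/watchtower:${WATCHTOWER_VERSION:-latest}
    container_name: watchtower
    # --label-enable: only containers labelled
    # com.centurylinklabs.watchtower.enable=true are updated (traefik and
    # whoami are not). --interval 86400: check once every 24 hours.
    command: --label-enable --cleanup --interval 86400
    volumes:
      # Needs the socket read-write to pull images and recreate containers.
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      # watchtower
      - com.centurylinklabs.watchtower.enable=true
    restart: unless-stopped

  whoami:
    image: traefik/whoami:${WHOAMI_VERSION:-latest}
    container_name: whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.${DOMAINNAME}`)
      # Bound to websecure explicitly, matching the traefik and unifi routers.
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls=true
      - traefik.http.routers.whoami.tls.certresolver=letsEncrypt

  unifi:
    image: linuxserver/unifi-controller:${UNIFI_VERSION:-latest}
    container_name: unifi
    ports:
      # Short form: each container port is published on a random host port
      # on all interfaces. 8443 is the port Traefik forwards to below, so
      # this also exposes it directly, bypassing the proxy.
      # NOTE(review): Traefik reaches the container over the `proxy` network
      # and does not need these; confirm whether devices rely on them.
      - "3478/udp"
      - "10001/udp"
      - "8080"
      - "8443"
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    volumes:
      - ${CONTAINER_HOME:-.}/unifi/config:/config
    labels:
      # traefik
      - traefik.enable=true
      - traefik.http.routers.unifi.rule=Host(`unifi.${DOMAINNAME}`)
      - traefik.http.routers.unifi.entrypoints=websecure
      - traefik.http.routers.unifi.tls=true
      - traefik.http.routers.unifi.tls.certresolver=letsEncrypt
      # Backend speaks HTTPS on 8443.
      # NOTE(review): if the backend certificate is self-signed, check how
      # backend verification is configured rather than disabling it globally.
      - traefik.http.services.unifi.loadbalancer.server.scheme=https
      - traefik.http.services.unifi.loadbalancer.server.port=8443
      # watchtower
      - com.centurylinklabs.watchtower.enable=true
    restart: unless-stopped

  portainer:
    image: portainer/portainer:${PORTAINER_VERSION:-latest}
    container_name: portainer
    volumes:
      # Read-write socket: Portainer is a full Docker admin UI, so its login
      # is the only control between this public host name and the daemon.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${CONTAINER_HOME:-.}/portainer/data:/data
    labels:
      # traefik
      # NOTE(review): no loadbalancer.server.port label; Traefik chooses from
      # the image's exposed ports — confirm it lands on the UI port.
      - traefik.enable=true
      - traefik.http.routers.portainer.rule=Host(`portainer.${DOMAINNAME}`)
      - traefik.http.routers.portainer.entrypoints=websecure
      - traefik.http.routers.portainer.tls=true
      - traefik.http.routers.portainer.tls.certresolver=letsEncrypt
      # watchtower
      - com.centurylinklabs.watchtower.enable=true
    restart: unless-stopped

  teamcity:
    image: jetbrains/teamcity-server:${TEAMCITY_VERSION:-latest}
    container_name: teamcity
    volumes:
      # NOTE(review): a CI server with the Docker socket lets any build
      # configuration that reaches it control the host. Confirm the server
      # (as opposed to a build agent) needs this mount; drop it if not.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${CONTAINER_HOME:-.}/teamcity/data:/data/teamcity_server/datadir
      - ${CONTAINER_HOME:-.}/teamcity/logs:/opt/teamcity/logs
    labels:
      # traefik
      - traefik.enable=true
      - traefik.http.routers.teamcity.rule=Host(`teamcity.${DOMAINNAME}`)
      - traefik.http.routers.teamcity.entrypoints=websecure
      - traefik.http.routers.teamcity.tls=true
      - traefik.http.routers.teamcity.tls.certresolver=letsEncrypt
      # watchtower
      - com.centurylinklabs.watchtower.enable=true
    restart: unless-stopped

  rancher:
    image: rancher/rancher:${RANCHER_VERSION:-latest}
    container_name: rancher
    # privileged plus the Docker socket: this container is equivalent to
    # root on the host. Treat its web login as a host-level credential.
    privileged: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      # Short form: published on random host ports on all interfaces, so
      # Rancher is reachable directly as well as through Traefik.
      # NOTE(review): confirm these are needed; Traefik does not use them.
      - "80"
      - "443"
    labels:
      # traefik
      # NOTE(review): no loadbalancer port/scheme labels although the
      # container listens on both 80 and 443 — confirm which one Traefik
      # selects.
      - traefik.enable=true
      - traefik.http.routers.rancher.rule=Host(`rancher.${DOMAINNAME}`)
      - traefik.http.routers.rancher.entrypoints=websecure
      - traefik.http.routers.rancher.tls=true
      - traefik.http.routers.rancher.tls.certresolver=letsEncrypt
      # watchtower
      - com.centurylinklabs.watchtower.enable=true
    restart: unless-stopped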