Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# docker-compose.yml
version: "3.5"
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/traefik.toml:/etc/traefik/traefik.toml:ro
- ./data/dynamic_conf.toml:/etc/traefik/dynamic_conf.toml:ro
- ./tls-certificates:/tls-certificates
env_file:
- ./data/.env
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.routers.traefik.entrypoints=web"
- "traefik.http.routers.traefik.rule=Host(`traefik.pomazan.xyz`)"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.pomazan.xyz`)"
- "traefik.http.routers.traefik-secure.entrypoints=websecure"
- "traefik.http.routers.traefik-secure.middlewares=auth"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$QITSytmJ$$NPpmhSb5zwJbj0uLH8lpH/"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=pomazan.xyz"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.pomazan.xyz"
networks:
proxy:
external: true
# traefik.toml
defaultEntryPoints = ["web", "websecure"]
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
network = "proxy"
exposedbydefault = false
[providers.file]
watch = true
filename = "/etc/traefik/dynamic_conf.toml"
[api]
dashboard = true
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.cloudflare.acme]
email = "pomazan.bogdan@gmail.com"
storage = "/tls-certificates/acme.json"
[certificatesResolvers.cloudflare.acme.dnsChallenge]
provider = "cloudflare"
delayBeforeCheck = 0
resolvers = ["1.1.1.1:53"]
[certificatesResolvers.http.acme]
email = "pomazan.bogdan@gmail.com"
storage = "/tls-certificates/acme.json"
[certificatesResolvers.http.acme.httpChallenge]
entryPoint = "web"
[metrics]
[metrics.prometheus]
[log]
level = "INFO"
[retry]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment