Skip to content

Instantly share code, notes, and snippets.

@ratnose
Created February 16, 2022 21:55
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ratnose/ef5ffa360da6e01b1666238c1ed17aa4 to your computer and use it in GitHub Desktop.
Save ratnose/ef5ffa360da6e01b1666238c1ed17aa4 to your computer and use it in GitHub Desktop.
docker-compose:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
environment:
- CF_API_EMAIL=${CLOUDFLARE_MAIL}
- CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN}
# - CF_API_KEY=YOU_API_KEY
# be sure to use the correct one depending on if you are using a token or key
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./appdata/traefik/traefik.yml:/traefik.yml:ro
- ./appdata/traefik/acme.json:/acme.json
#- ./appdata/traefik/config.yml:/config.yml:ro
labels:
- traefik.enable=true
- traefik.http.routers.traefik.entrypoints=http
- traefik.http.routers.traefik.rule=Host(`trafdash.domain.io`)
- traefik.http.middlewares.traefik-auth.basicauth.users=user:password
- traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.traefik.middlewares=traefik-https-redirect
- traefik.http.routers.traefik-secure.entrypoints=https
- traefik.http.routers.traefik-secure.rule=Host(`trafdash.domain.io`)
- traefik.http.routers.traefik-secure.middlewares=traefik-auth
- traefik.http.routers.traefik-secure.tls=true
- traefik.http.routers.traefik-secure.tls.certresolver=cloudflare
- traefik.http.routers.traefik-secure.tls.domains[0].main=domain.io
- traefik.http.routers.traefik-secure.tls.domains[0].sans=*.domain.io
- traefik.http.routers.traefik-secure.service=api@internal
read_only: true
traefik.yml:
api:
dashboard: true
debug: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
serversTransport:
insecureSkipVerify: true
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
filename: /config.yml
watch: true
#Havn't got one atm it is just an empty file.
certificatesResolvers:
cloudflare:
acme:
email: my_cloudflare@email.com
storage: acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
@ratnose
Copy link
Author

ratnose commented Feb 16, 2022

network and label for docker containers in the same docker-compose file.
networks:
- proxy
labels:
- traefik.enable=true
- traefik.http.routers.heimdall-https.rule=Host(start.domain.io)
- traefik.http.routers.heimdall-https.entrypoints=https
- traefik.http.routers.heimdall-https.tls=true
- traefik.http.routers.heimdall-https.tls.certresolver=cloudflare
- traefik.http.routers.heimdall-https.service=heimdall
- traefik.http.services.heimdall.loadbalancer.server.port=80

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment