@scodx
Last active April 16, 2022 14:58
traefik example with letsencrypt and docker and external services
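# place this file in the `config` folder
#
# Traefik dynamic configuration (file provider): routes two services that run
# outside the Docker provider's view and terminates TLS for them with the
# `leresolver` certificate resolver.
#
# `services` and `routers` live under ONE `http:` key. Repeating the `http:`
# key is a duplicate mapping key: depending on the parser it is either
# rejected or the later value silently replaces the earlier one, which would
# drop the `services` section.
---
http:
  services:
    # The URLs must be reachable from the Traefik installation, either native
    # or as a container.
    # NOTE(review): 172.17.0.1 is typically the gateway of Docker's default
    # bridge - confirm on your host. Traffic on this hop is plain HTTP, so the
    # backend ports (4440, 2211) should not be reachable from outside the
    # host; otherwise clients can bypass the TLS termination done here.
    rundeck:
      loadBalancer:
        servers:
          - url: 'http://172.17.0.1:4440'
    php-tt:
      loadBalancer:
        servers:
          - url: 'http://172.17.0.1:2211'

  routers:
    rundeck:
      entryPoints:
        - websecure
      rule: "Host(`rundeck.domain`)"
      service: rundeck
      tls:
        certResolver: leresolver
    php-tt:
      entryPoints:
        # - web
        - websecure
      rule: "Host(`php-tt.domain.com`)"
      service: php-tt
      tls:
        certResolver: leresolver

  # Optional security-headers middleware, left disabled as in the original.
  # Defining it is not enough: a router only applies a middleware that is
  # listed under that router's own `middlewares:` key.
  # middlewares:
  #   php-tt:
  #     headers:
  #       sslRedirect: true
  #       stsSeconds: 315360000
  #       browserXssFilter: true
  #       contentTypeNosniff: true
  #       forceSTSHeader: true
  #       sslHost: domain.com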
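# Docker Compose stack: Traefik v2 as the edge proxy (Let's Encrypt via the
# TLS-ALPN challenge), plus n8n and whoami published through it.
---
version: "3"

services:
  traefik:
    # NOTE(review): v2.1 is an old release line - check whether it still
    # receives security fixes before deploying.
    image: "traefik:v2.1"
    command:
      # Enable this for debugging.
      # - --log.level=DEBUG
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # NOTE(review): without `--providers.docker.exposedbydefault=false`
      # every container on this Docker host gets a route by default. Turning
      # it off requires a `traefik.enable=true` label on each service below.
      - --providers.docker
      # `--api` alone does not open the insecure :8080 listener; the dashboard
      # is reached only through the `traefik` router defined in the labels.
      - --api
      - --certificatesresolvers.leresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.leresolver.acme.email=email@mail.com
      - --certificatesresolvers.leresolver.acme.storage=/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
      # This loads the dynamic config file(s). Traefik documents `directory`
      # and `filename` as mutually exclusive, so only `directory` is set; it
      # matches the `./config/` volume mounted below.
      - --providers.file.directory=/config
      # - --providers.file.filename=config.yml
      - --providers.file.watch=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # `:ro` makes the socket file read-only but does not restrict the Docker
      # API behind it: a compromise of this container still means control of
      # the Docker daemon. A filtering socket proxy narrows that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Holds the ACME account key and certificate private keys.
      - "./acme.json:/acme.json"
      - "./config/:/config/"
    labels:
      # Dashboard, served over TLS and behind basic auth.
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=leresolver"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.middlewares=authtraefik"
      # Passwords here must be double escaped: `$$` (Compose would otherwise
      # treat `$` as variable interpolation).
      # Generate your own entry (for example with `htpasswd`) instead of
      # reusing a hash published in an example. basicauth also accepts bcrypt
      # hashes, which resist offline guessing better than apr1 (MD5).
      - "traefik.http.middlewares.authtraefik.basicauth.users=scodx:$$apr1$$vYd29dR4$$OMbGnCugIN/MIXawbcND91"  # user/password
      # - "traefik.http.middlewares.authtraefik.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/"  # user/password
      # Global redirect to https.
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      # Middleware redirect.
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

  n8n:
    # NOTE(review): no tag means `latest`; pin a version for reproducible,
    # reviewable upgrades.
    image: n8nio/n8n
    # NOTE(review): this publishes n8n in plain HTTP on every host interface,
    # next to the TLS route through Traefik. If only Traefik needs to reach
    # it, drop the mapping or bind it to 127.0.0.1.
    ports:
      - "5678:5678"
    labels:
      - "traefik.http.routers.n8n.rule=Host(`n8n.domain.com`)"
      - "traefik.http.routers.n8n.entrypoints=websecure"
      - "traefik.http.routers.n8n.tls=true"
      - "traefik.http.routers.n8n.tls.certresolver=leresolver"
      # Attach the headers middleware defined below. Without this label the
      # `n8n` middleware exists but no router uses it, so none of the
      # security headers are ever sent.
      - "traefik.http.routers.n8n.middlewares=n8n"
      # HSTS with a ten-year max-age, includeSubdomains and preload is hard
      # to roll back once browsers have cached it - confirm it is intended.
      - "traefik.http.middlewares.n8n.headers.SSLRedirect=true"
      - "traefik.http.middlewares.n8n.headers.STSSeconds=315360000"
      - "traefik.http.middlewares.n8n.headers.browserXSSFilter=true"
      - "traefik.http.middlewares.n8n.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.n8n.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.n8n.headers.SSLHost=domain.com"
      - "traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true"
      - "traefik.http.middlewares.n8n.headers.STSPreload=true"
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      # Placeholder credentials: replace them before deploying, and prefer an
      # untracked env file or a secret store over values committed here.
      - N8N_BASIC_AUTH_USER=user
      - N8N_BASIC_AUTH_PASSWORD=password
      - N8N_HOST=n8n.domain.com
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_TUNNEL_URL=https://n8n.domain.com/
      - VUE_APP_URL_BASE_API=https://n8n.domain.com/
    volumes:
      # NOTE(review): a writable Docker socket hands this container control of
      # the Docker daemon, and with it the host. Nothing in this file shows
      # n8n needing it; remove the mount unless a workflow requires it.
      - /var/run/docker.sock:/var/run/docker.sock
      # NOTE(review): the host path is `/.n8n` at the filesystem root -
      # confirm this is intended rather than `./.n8n`.
      - /.n8n:/root/.n8n

  whoami:
    image: containous/whoami:v1.3.0
    labels:
      - "traefik.http.routers.whoami.rule=Host(`whoami.domain.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls=true"
      - "traefik.http.routers.whoami.tls.certresolver=leresolver"
      # - "traefik.http.routers.my-app.middlewares=auth"
      # - "traefik.http.middlewares.auth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/"  # user/password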
# Dashboard (https://localhost:8080)
# Route
# Basic auth (login: user | password: password)
# Let's Encrypt (https://whoami.docker.localhost/)
# Global HTTP to HTTPS redirection (http://whoami.docker.localhost/)
# Dashboard [api@internal]
# Dashboard [api@internal] + Basic auth (login: user | password: password)
# Dashboard [api@internal] + TLS (https://traefik.docker.localhost/)
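# Before the first start, create the ACME storage file with owner-only permissions
# (Traefik rejects acme.json when its mode is more open than 600):
# touch acme.json; chmod 600 acme.json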