Docker-Compose: Mastodon v3.0.1 with Traefik v2

## docker-compose.yml
version: '3'

# Variables to fill in:
# Line 22: <LETSENCRYPT_MAIL_ADDRESS> - your mail address for contact with Let's Encrypt
# Line 35: <TRAEFIK_DASHBOARD_ADMIN_PASSWORD> - MD5 hash of your password (use http://www.htaccesstools.com/htpasswd-generator/)
# Lines 30, 82, 106: <DOMAIN> - e.g. social.yourdomain.com (Must have an A record pointing to your box' IP) (AAAA for IPv6 ;)

services:
  traefik:
    image: traefik:v2.1
    container_name: "traefik"
    restart: always
    command:
#      - "--log.level=DEBUG"
      - "--api.dashboard=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=<LETSENCRYPT_MAIL_ADDRESS>"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    labels:
      - "traefik.enable=true"
      # Dashboard
      - "traefik.http.routers.traefik.rule=(Host(`<DOMAIN>`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`)))"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.middlewares=dashboardauth"
      - "traefik.http.middlewares.dashboardauth.basicauth.users=admin:<TRAEFIK_DASHBOARD_ADMIN_PASSWORD>"
      # HTTPS Redirect
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./letsencrypt:/letsencrypt
    networks:
      - external_network

  db:
    restart: always
    image: postgres:9.6-alpine
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "postgres"]
    volumes:
      - ./postgres:/var/lib/postgresql/data
    networks:
      - internal_network

  redis:
    restart: always
    image: redis:5.0-alpine
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    volumes:
      - ./redis:/data
    networks:
      - internal_network

  web:
    image: tootsuite/mastodon:v3.0.1
    restart: always
    env_file: .env.production
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]
    expose:
      - "3000"
    depends_on:
      - db
      - redis
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mastodon-web.rule=Host(`<DOMAIN>`)"
      - "traefik.http.routers.mastodon-web.entrypoints=websecure"
      - "traefik.http.routers.mastodon-web.tls.certresolver=letsencrypt"
    volumes:
      - ./public/system:/mastodon/public/system
    networks:
      - external_network
      - internal_network

  streaming:
    image: tootsuite/mastodon:v3.0.1
    restart: always
    env_file: .env.production
    command: node ./streaming
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
    expose:
      - "4000"
    depends_on:
      - db
      - redis
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mastodon-streaming.rule=(Host(`<DOMAIN>`) && PathPrefix(`/api/v1/streaming`))"
      - "traefik.http.routers.mastodon-streaming.entrypoints=websecure"
      - "traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt"
    networks:
      - external_network
      - internal_network

  sidekiq:
    image: tootsuite/mastodon:v3.0.1
    restart: always
    env_file: .env.production
    command: bundle exec sidekiq
    depends_on:
      - db
      - redis
      - traefik
    volumes:
      - ./public/system:/mastodon/public/system
    networks:
      - external_network
      - internal_network

networks:
  external_network:
  internal_network:
    internal: true
	version: '3'

	# Variables to fill in:
	# Line 22: <LETSENCRYPT_MAIL_ADDRESS> - your mail address for contact with Let's Encrypt
	# Line 35: <TRAEFIK_DASHBOARD_ADMIN_PASSWORD> - MD5 hash of your password (use http://www.htaccesstools.com/htpasswd-generator/)
	# Lines 30, 82, 106: <DOMAIN> - e.g. social.yourdomain.com (Must have an A record pointing to your box' IP) (AAAA for IPv6 ;)

	services:
	traefik:
	image: traefik:v2.1
	container_name: "traefik"
	restart: always
	command:
	# - "--log.level=DEBUG"
	- "--api.dashboard=true"
	- "--entrypoints.web.address=:80"
	- "--entrypoints.websecure.address=:443"
	- "--providers.docker=true"
	- "--providers.docker.exposedbydefault=false"
	- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
	- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
	- "--certificatesresolvers.letsencrypt.acme.email=<LETSENCRYPT_MAIL_ADDRESS>"
	- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
	ports:
	- "80:80"
	- "443:443"
	labels:
	- "traefik.enable=true"
	# Dashboard
	- "traefik.http.routers.traefik.rule=(Host(`<DOMAIN>`) && (PathPrefix(`/api`) \|\| PathPrefix(`/dashboard`)))"
	- "traefik.http.routers.traefik.service=api@internal"
	- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
	- "traefik.http.routers.traefik.entrypoints=websecure"
	- "traefik.http.routers.traefik.middlewares=dashboardauth"
	- "traefik.http.middlewares.dashboardauth.basicauth.users=admin:<TRAEFIK_DASHBOARD_ADMIN_PASSWORD>"
	# HTTPS Redirect
	- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
	- "traefik.http.routers.http-catchall.entrypoints=web"
	- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
	- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock
	- ./letsencrypt:/letsencrypt
	networks:
	- external_network

	db:
	restart: always
	image: postgres:9.6-alpine
	healthcheck:
	test: ["CMD", "pg_isready", "-U", "postgres"]
	volumes:
	- ./postgres:/var/lib/postgresql/data
	networks:
	- internal_network

	redis:
	restart: always
	image: redis:5.0-alpine
	healthcheck:
	test: ["CMD", "redis-cli", "ping"]
	volumes:
	- ./redis:/data
	networks:
	- internal_network

	web:
	image: tootsuite/mastodon:v3.0.1
	restart: always
	env_file: .env.production
	command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
	healthcheck:
	test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health \|\| exit 1"]
	expose:
	- "3000"
	depends_on:
	- db
	- redis
	- traefik
	labels:
	- "traefik.enable=true"
	- "traefik.http.routers.mastodon-web.rule=Host(`<DOMAIN>`)"
	- "traefik.http.routers.mastodon-web.entrypoints=websecure"
	- "traefik.http.routers.mastodon-web.tls.certresolver=letsencrypt"
	volumes:
	- ./public/system:/mastodon/public/system
	networks:
	- external_network
	- internal_network

	streaming:
	image: tootsuite/mastodon:v3.0.1
	restart: always
	env_file: .env.production
	command: node ./streaming
	healthcheck:
	test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health \|\| exit 1"]
	expose:
	- "4000"
	depends_on:
	- db
	- redis
	- traefik
	labels:
	- "traefik.enable=true"
	- "traefik.http.routers.mastodon-streaming.rule=(Host(`<DOMAIN>`) && PathPrefix(`/api/v1/streaming`))"
	- "traefik.http.routers.mastodon-streaming.entrypoints=websecure"
	- "traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt"
	networks:
	- external_network
	- internal_network

	sidekiq:
	image: tootsuite/mastodon:v3.0.1
	restart: always
	env_file: .env.production
	command: bundle exec sidekiq
	depends_on:
	- db
	- redis
	- traefik
	volumes:
	- ./public/system:/mastodon/public/system
	networks:
	- external_network
	- internal_network

	networks:
	external_network:
	internal_network:
	internal: true