@unbelauscht
Created February 3, 2023 13:36
docker-compose.yml with Cloudflare and Let's Encrypt
version: '3.7'
services:
  traefik:
    image: traefik:latest
    restart: always
    container_name: traefik
    command:
      #- --api.insecure=true
      #- --api.dashboard=true
      #- --api.debug=true
      #- --log.level=DEBUG
      - --providers.docker=true
      - --providers.docker.swarmMode=false
      # Only containers that opt in with traefik.enable=true get routed
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=web
      - --entrypoints.web.address=:80
      - --entrypoints.web-secure.address=:443
      # curl -Ssq https://www.cloudflare.com/ips-v4 | sed -z "s#\n#,#g"
      # X-Forwarded-* headers are honoured only when the TCP peer is in one of these
      # (Cloudflare IPv4 edge) ranges; from any other peer they are replaced with the
      # real connection values, so clients cannot spoof their source address
      - --entrypoints.web-secure.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22
      - --certificatesresolvers.letsencrypt.acme.email=me@example.com
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.dnsChallenge.provider=cloudflare
      - --certificatesresolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=15
      # - --metrics.prometheus=true
      # - --entryPoints.metrics.address=:8082
      # - --metrics.prometheus.entryPoint=metrics
      # necessary for Server to Server Matrix federation
      # Note: this is global, it disables backend certificate verification for every
      # service Traefik proxies to, not only the Matrix one
      - --serverstransport.insecureskipverify=true
    environment:
      # Your Cloudflare email address, required for Let's Encrypt
      CF_API_EMAIL: "me@example.com"
      # Your Cloudflare DNS API token, required for Let's Encrypt
      # (a DNS-edit token for the zone only; consider an env_file or Docker secret
      # rather than committing the value in this file)
      CF_DNS_API_TOKEN: "xxx"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt
    networks:
      - web
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    labels:
      # With traefik.enable=false the dashboard router labels below are ignored;
      # set it to true (and enable --api.dashboard above) to expose the dashboard
      - "traefik.enable=false"
      - "traefik.http.services.api.loadbalancer.server.port=8080"
      - "traefik.http.routers.api.entrypoints=web-secure"
      - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"
networks:
  web:
    external: true
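The trustedIPs flag is the control that decides whether Traefik believes the X-Forwarded-For a peer supplies, and the gist hard-codes Cloudflare's list as of its creation date. The Python below is an added example, not part of the gist: it parses that flag exactly as written above, checks the configured list for drift against a published list (here a constructed sample that stands in for https://www.cloudflare.com/ips-v4 so the script runs offline), and reports for a given TCP peer address whether forwarded headers would be honoured. `PUBLISHED_SAMPLE` and the `192.0.2.0/24` entry in it are constructed, not real Cloudflare data.

```python
import ipaddress

# Added example, not part of the gist. The CIDR list is copied verbatim from the
# --entrypoints.web-secure.forwardedHeaders.trustedIPs flag in the compose file.
COMPOSE_FLAG = (
    "--entrypoints.web-secure.forwardedHeaders.trustedIPs="
    "173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,"
    "141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,"
    "197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,"
    "104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"
)

# CONSTRUCTED stand-in for the body of https://www.cloudflare.com/ips-v4 fetched
# at a later date: one range from the gist has gone and a new one has appeared.
# 192.0.2.0/24 is TEST-NET-1, used purely as a placeholder. Fetch the real list
# (e.g. with urllib.request.urlopen) when running this for real.
PUBLISHED_SAMPLE = """173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
192.0.2.0/24
"""


def parse_trusted_ips(flag: str) -> list:
    """Return the networks from a forwardedHeaders.trustedIPs flag.

    strict=True rejects entries with host bits set (e.g. 104.16.1.0/13), which
    Traefik would also refuse at startup, so the check fails loudly here instead.
    """
    key, sep, value = flag.partition("=")
    if not sep or not key.endswith(".forwardedHeaders.trustedIPs"):
        raise ValueError("not a forwardedHeaders.trustedIPs flag: %r" % flag)
    return [ipaddress.ip_network(item.strip(), strict=True)
            for item in value.split(",") if item.strip()]


def parse_published(text: str) -> set:
    """Parse the one-CIDR-per-line format Cloudflare publishes into a set of strings."""
    return {str(ipaddress.ip_network(line.strip(), strict=True))
            for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}


def drift(configured: list, published: set) -> tuple:
    """Return (ranges published but missing from the config,
               ranges in the config that are no longer published)."""
    conf = {str(net) for net in configured}
    return sorted(published - conf), sorted(conf - published)


def honours_forwarded_headers(remote_addr: str, trusted: list) -> bool:
    """True if Traefik would accept X-Forwarded-* from this TCP peer.

    Only peers inside trustedIPs are believed; from anyone else the forwarded
    headers are replaced with values derived from the real connection.
    An address family with no configured ranges (here IPv6) is never trusted.
    """
    ip = ipaddress.ip_address(remote_addr)
    return any(ip in net for net in trusted)


if __name__ == "__main__":
    trusted = parse_trusted_ips(COMPOSE_FLAG)
    missing, stale = drift(trusted, parse_published(PUBLISHED_SAMPLE))
    print("published but absent from the compose file:", missing)
    print("in the compose file but no longer published:", stale)
    for addr in ("104.16.1.1", "198.51.100.7", "2606:4700::1"):
        state = "trusted" if honours_forwarded_headers(addr, trusted) else "NOT trusted"
        print(addr, state)
```

Because the list is baked into the compose file, the drift check is the part worth running on a schedule against the live Cloudflare list: a new edge range that is not in trustedIPs means requests arriving from it get their forwarded headers stripped, so the real client address is lost and any IP-based allow list or rate limit sees the Cloudflare edge instead. The gist includes only the IPv4 list; Cloudflare also publishes an IPv6 list, and if the origin has an AAAA record those connections arrive from IPv6 ranges that this configuration does not trust.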