Created
February 3, 2023 13:36
docker-compose.yml with Cloudflare and Let's Encrypt
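# Traefik reverse proxy behind Cloudflare, with Let's Encrypt certificates
# issued through the Cloudflare DNS challenge.
version: '3.7'

services:
  traefik:
    # NOTE(review): `latest` is a moving tag. Pin a specific release tag or
    # image digest: static flags such as providers.docker.swarmMode appear to
    # differ between Traefik major versions, so an unattended pull can change
    # or break this configuration. Confirm the flags against the version run.
    image: traefik:latest
    restart: always
    container_name: traefik
    command:
      # Dashboard/API and debug logging are left disabled. api.insecure serves
      # the API without authentication, so keep it off outside a lab.
      #- --api.insecure=true
      #- --api.dashboard=true
      #- --api.debug=true
      #- --log.level=DEBUG
      - --providers.docker=true
      - --providers.docker.swarmMode=false
      # Containers are only routed when they opt in with traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=web
      - --entrypoints.web.address=:80
      - --entrypoints.web-secure.address=:443
      # Forwarded headers are trusted only from Cloudflare's IPv4 ranges.
      # The list is a point-in-time snapshot (regenerate it with the command
      # below) and has no IPv6 ranges. It governs header trust only: port 443
      # stays reachable from any address unless a host or network firewall
      # restricts it to Cloudflare.
      # curl -Ssq https://www.cloudflare.com/ips-v4 | sed -z "s#\n#,#g"
      - --entrypoints.web-secure.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22
      - --certificatesresolvers.letsencrypt.acme.email=me@example.com
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.dnsChallenge.provider=cloudflare
      - --certificatesresolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=15
      # - --metrics.prometheus=true
      # - --entryPoints.metrics.address=:8082
      # - --metrics.prometheus.entryPoint=metrics
      # necessary for Server to Server Matrix federation
      # NOTE(review): this is a global switch. Traefik stops verifying the TLS
      # certificate of every HTTPS backend it proxies to, not just the Matrix
      # one. Prefer a dedicated serversTransport attached to that single
      # service, or trust the backend's CA, and drop this flag.
      - --serverstransport.insecureskipverify=true
    environment:
      # Your Cloudflare email address, required for Let's Encrypt
      CF_API_EMAIL: "me@example.com"
      # Your Cloudflare DNS API token, required for Let's Encrypt.
      # Read from the shell environment or an untracked .env file so the
      # secret is never written into this file; compose aborts with the
      # message below when the variable is unset or empty. Scope the token to
      # the zones that need certificates.
      CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN:?set CF_DNS_API_TOKEN in the environment or .env}"
    volumes:
      # NOTE(review): `:ro` only makes the socket file read-only. The Docker
      # API behind it still accepts every request, so a compromise of this
      # container amounts to control of the Docker host. Consider placing a
      # filtering socket proxy in between.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds acme.json (ACME account key and certificate private keys); keep
      # the directory readable by its owner only and out of version control.
      - ./letsencrypt:/letsencrypt
    networks:
      - web
    ports:
      # mode: host publishes the ports directly on the host interface.
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    labels:
      # With traefik.enable=false (and exposedbydefault=false above) Traefik
      # ignores this container, so the api router labels below are inert as
      # written. If the dashboard is ever enabled, attach an authentication
      # middleware to the api router before exposing it on web-secure.
      - "traefik.enable=false"
      - "traefik.http.services.api.loadbalancer.server.port=8080"
      - "traefik.http.routers.api.entrypoints=web-secure"
      - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"

networks:
  # Pre-existing network shared with the proxied containers; create it before
  # bringing this stack up.
  web:
    external: true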