@zaverden
Created May 4, 2022 04:49
# Network shared between the proxy and the containers it routes to.
# `external: true` means compose expects the network to exist already and will
# neither create nor remove it; whoever attaches a container to it becomes
# reachable by the proxy, so control over the network is part of the trust
# boundary.
networks:
  http-entry:
    external: true
# File-backed secret: the DNS provider API key is read from a host path and
# mounted into the consuming service under /run/secrets/<name>.
# Keep the source file outside version control and readable only by the
# account that runs compose; this key authorises DNS changes for the domain.
secrets:
  namecheap-api-key:
    file: /secrets/namecheap-api-key.secret
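services:
  # Edge reverse proxy. Publishes 80/443 on the host, redirects HTTP to HTTPS,
  # obtains a wildcard certificate through the ACME DNS-01 challenge and routes
  # to labelled containers on the http-entry network and to the file-provider
  # definitions under /sites.
  #
  # Required variables (compose aborts if any is unset or empty):
  #   D                   base domain used for certificates and the dashboard host
  #   NAMECHEAP_API_USER  API user for the DNS challenge provider
  #   TRAEFIK_BASIC_AUTH  htpasswd entry protecting the dashboard
  traefik:
    image: traefik:2.6
    restart: always
    logging:
      options:
        max-size: 100m
    networks:
      - http-entry
    ports:
      - '80:80'
      - '443:443'
    extra_hosts:
      - host.docker.internal:host-gateway
    volumes:
      # NOTE(review): `:ro` only makes the socket file a read-only mount; it
      # does not limit which Docker API calls can be sent through it. A process
      # with access to this socket can control the Docker daemon, which is
      # generally equivalent to root on the host. Treat this container as
      # host-privileged, or put a socket proxy that exposes only the read
      # endpoints between Traefik and the daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds acme-dns.json (ACME account and certificate private keys); keep
      # the host directory readable only by the deploying account.
      - ./certificates:/certificates
      # Dynamic configuration read by the file provider. Anyone who can write
      # here can add routes. NOTE(review): Traefik only reads this directory;
      # consider mounting it `:ro` after confirming file watching still works.
      - ./sites:/sites
    command:
      # https://doc.traefik.io/traefik/v2.6/operations/dashboard/
      # The dashboard is only reachable through the `traefik` router defined in
      # the labels below, which requires the traefik-auth middleware.
      - --api.dashboard=true
      # https://doc.traefik.io/traefik/v2.6/observability/logs/
      # NOTE(review): DEBUG is very verbose for an internet-facing proxy;
      # consider INFO once the setup is verified.
      - --log.format=json
      - --log.level=DEBUG
      # https://doc.traefik.io/traefik/v2.6/observability/access-logs
      - --accessLog=true
      - --accessLog.format=json
      # https://doc.traefik.io/traefik/v2.6/providers/docker
      - --providers.docker=true
      # network must be specified because containers will have multiple networks attached
      # details: https://github.com/traefik/traefik/issues/1156#issuecomment-287387666
      - --providers.docker.network=http-entry
      # Containers are routed only when they opt in with traefik.enable=true.
      - --providers.docker.exposedByDefault=false
      # https://doc.traefik.io/traefik/v2.6/providers/file
      - --providers.file=true
      - --providers.file.directory=/sites
      - --providers.file.watch=true
      # Port 80 is only to redirect to 443
      # https://doc.traefik.io/traefik/v2.6/routing/entrypoints/#redirection
      - --entryPoints.web80.address=:80
      - --entryPoints.web80.http.redirections.entryPoint.permanent=true
      - --entryPoints.web80.http.redirections.entryPoint.scheme=https
      - --entryPoints.web80.http.redirections.entryPoint.to=web443
      # Port 443 is configured to use default wildcard certificate
      - --entryPoints.web443.address=:443
      - --entryPoints.web443.http.tls=true
      - --entryPoints.web443.http.tls.certResolver=le-dns
      # `${D:?...}` makes D mandatory: without it the certificate domains and
      # the dashboard Host rule would silently render with an empty domain.
      # The check fails interpolation for the whole file, so the plain `${D}`
      # uses below are covered too.
      - '--entrypoints.web443.http.tls.domains[0].main=${D:?D must be set to the base domain}'
      - '--entrypoints.web443.http.tls.domains[0].sans=*.${D},*.dev.${D},*.qa.${D},*.demo.${D}'
      # Applied to every router on web443; the middleware itself is declared in
      # the error-pages service labels.
      - --entrypoints.web443.http.middlewares=error-502@docker
      # Wildcard certificates can only be verified through a DNS-01 challenge
      # See more: https://doc.traefik.io/traefik/v2.6/https/acme/#dnschallenge
      - --certificatesResolvers.le-dns.acme.email=letsencrypt@aspirity.com
      - --certificatesResolvers.le-dns.acme.storage=/certificates/acme-dns.json
      - --certificatesResolvers.le-dns.acme.dnschallenge=true
      - --certificatesResolvers.le-dns.acme.dnschallenge.provider=namecheap
    secrets:
      - namecheap-api-key
    environment:
      # Fail at compose time rather than at the first certificate request.
      NAMECHEAP_API_USER: '${NAMECHEAP_API_USER:?NAMECHEAP_API_USER must be set}'
      # The key is passed as a path to the mounted secret, not as an
      # environment value, so it does not appear in `docker inspect` output.
      NAMECHEAP_API_KEY_FILE: /run/secrets/namecheap-api-key
    labels:
      traefik.enable: 'true'
      traefik.http.routers.traefik.rule: 'Host(`traefik.${D}`)'
      traefik.http.routers.traefik.service: api@internal
      # Bound to the TLS entry point only, so basic-auth credentials are not
      # accepted over plain HTTP.
      traefik.http.routers.traefik.entrypoints: web443
      traefik.http.routers.traefik.priority: '9999'
      traefik.http.routers.traefik.middlewares: traefik-auth
      # docker run --entrypoint htpasswd httpd:2 -Bbn <USERNAME> <PASSWORD>
      # NOTE(review): `-b` takes the password from the command line, where it
      # is visible in shell history and the process list; htpasswd's `-i`
      # (read from stdin) avoids that.
      # The bcrypt hash contains `$` characters; depending on how the variable
      # is supplied they may need quoting or escaping so that the value reaches
      # Traefik unmodified. Verify with `docker compose config`.
      # Required: an unset variable would otherwise render an empty user list.
      traefik.http.middlewares.traefik-auth.basicauth.users: '${TRAEFIK_BASIC_AUTH:?TRAEFIK_BASIC_AUTH must hold the htpasswd output}'

  # Static error pages served by nginx. Provides the lowest-priority catch-all
  # router and the service behind the error-502 middleware that the web443
  # entry point applies to every router.
  error-pages:
    image: nginx:1.21
    restart: always
    logging:
      options:
        max-size: 100m
    networks:
      - http-entry
    volumes:
      # Content and configuration are mounted read-only; the container never
      # needs to modify them.
      - ./error-pages/pages:/usr/share/nginx/html:ro
      - ./error-pages/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./error-pages/default.conf:/etc/nginx/conf.d/default.conf:ro
    labels:
      traefik.enable: 'true'
      # Catch-all with the lowest priority: matches only when no other router does.
      traefik.http.routers.ingres-error-pages.rule: 'PathPrefix(`/`)'
      traefik.http.routers.ingres-error-pages.priority: '1'
      traefik.http.services.ingres-error-pages.loadbalancer.server.port: '80'
      # On a 502 from a backend, serve /502.html from this service instead of
      # the upstream response.
      traefik.http.middlewares.error-502.errors.status: '502'
      traefik.http.middlewares.error-502.errors.service: ingres-error-pages
      traefik.http.middlewares.error-502.errors.query: '/{status}.html'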