first code commit

portainer deployment

.gitignore

@@ -0,0 +1,2 @@
+.env
+data

docker-compose.yml

@@ -0,0 +1,53 @@
+---
+services:
+  portainer:
+    image: portainer/portainer-ce:${PORTAINER_VERSION}
+    restart: unless-stopped
+    command: -H unix:///var/run/docker.sock
+    labels:
+      ### Section Træfik
+      - traefik.enable=${TRAEFIK_ENABLED}
+      - traefik.docker.network=${TRAEFIK_NETWORK}
+      ## HTTP
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
+      # redirect to HTTPS only
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=${TRAEFIK_HTTP_MIDDLEWARES}
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=${TRAEFIK_MATCHRULE}
+      ## HTTPS UI
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
+      # configure the exposed service
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=${TRAEFIK_HTTPS_MIDDLEWARES}
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=${TRAEFIK_MATCHRULE}
+      # enable TLS and its certificate provider
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=${TRAEFIK_TLSENABLED}
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=${TRAEFIK_CERTRESOLVER}
+      # specify a service so a custom port can be used
+      - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=${TRAEFIK_SERVICE_PORT}
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.service=${TRAEFIK_SERVICE}
+      ## HTTPS Edge
+      - traefik.http.routers.https-${TRAEFIK_EDGEROUTER}.entrypoints=https
+      # configure the exposed service
+      - traefik.http.routers.https-${TRAEFIK_EDGEROUTER}.middlewares=${TRAEFIK_HTTPS_MIDDLEWARES}
+      - traefik.http.routers.https-${TRAEFIK_EDGEROUTER}.rule=${TRAEFIK_EDGEMATCHRULE}
+      # enable TLS and its certificate provider
+      - traefik.http.routers.https-${TRAEFIK_EDGEROUTER}.tls=${TRAEFIK_TLSENABLED}
+      - traefik.http.routers.https-${TRAEFIK_EDGEROUTER}.tls.certresolver=${TRAEFIK_CERTRESOLVER}
+      # specify a service so a custom port can be used
+      - traefik.http.services.${TRAEFIK_EDGESERVICE}.loadbalancer.server.port=${TRAEFIK_EDGESERVICE_PORT}
+      - traefik.http.routers.https-${TRAEFIK_EDGEROUTER}.service=${TRAEFIK_EDGESERVICE}
+      ### Section Diun
+      - diun.enable=${DIUN_ENABLE}
+      - diun.watch_repo=${DIUN_WATCHREPO}
+      - diun.sort_tags=${DIUN_SORTALGO}
+      - diun.include_tags=${DIUN_INCLUDE}
+      - diun.exclude_tags=${DIUN_EXCLUDE}
+    networks:
+      - traefik
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ${PORTAINER_DATA}:/data
+
+networks:
+  traefik:
+    external: true
+    name: ${TRAEFIK_NETWORK}

env.example

@@ -0,0 +1,26 @@
+# Træfik
+TRAEFIK_ENABLED=true
+TRAEFIK_NETWORK=traefik
+TRAEFIK_ROUTER=portainer_example_com
+TRAEFIK_SERVICE=portainer_example_com
+TRAEFIK_SERVICE_PORT=9000
+TRAEFIK_MATCHRULE=Host(`portainer.example.com`)
+TRAEFIK_EDGEROUTER=edge_portainer_example_com
+TRAEFIK_EDGESERVICE=edge_portainer_example_com
+TRAEFIK_EDGESERVICE_PORT=8000
+TRAEFIK_EDGEMATCHRULE=Host(`edge.portainer.example.com`)
+TRAEFIK_TLSENABLED=true
+TRAEFIK_CERTRESOLVER=letsencrypt
+TRAEFIK_HTTP_MIDDLEWARES=http-to-https
+TRAEFIK_HTTPS_MIDDLEWARES=hsts
+
+# Diun
+DIUN_ENABLE=true
+DIUN_WATCHREPO=true
+DIUN_SORTALGO=semver
+DIUN_INCLUDE=
+DIUN_EXCLUDE=
+
+# Portainer
+PORTAINER_VERSION=2.18.4-alpine
+PORTAINER_DATA=./data