Compare commits
No commits in common. "026fc917e96888db3ee266814de8860d8d0e2947" and "ccf95deedc353235bede5a23c73d6a14debcdcb4" have entirely different histories.
026fc917e9
...
ccf95deedc
@ -2,9 +2,6 @@ version: "3"
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
traefik:
|
traefik:
|
||||||
image: traefik:${TRAEFIK_VERSION}
|
|
||||||
container_name: ${TRAEFIK_CONTAINER_NAME}
|
|
||||||
restart: unless-stopped
|
|
||||||
command:
|
command:
|
||||||
# when debugging is needed
|
# when debugging is needed
|
||||||
- --accesslog=${TRAEFIK_ACCESSLOG}
|
- --accesslog=${TRAEFIK_ACCESSLOG}
|
||||||
@ -28,11 +25,13 @@ services:
|
|||||||
# and we want to manually specify exposed containers
|
# and we want to manually specify exposed containers
|
||||||
- --providers.docker.exposedbydefault=false
|
- --providers.docker.exposedbydefault=false
|
||||||
- --providers.docker.watch=true
|
- --providers.docker.watch=true
|
||||||
# should not need, but just in case, a folder for dynamic config files is also configured
|
# should not need, but just in case, a dynamic config file is also configured
|
||||||
- --providers.file.directory=/config
|
- --providers.file.directory=/dynamic-config
|
||||||
- --providers.file.watch=true
|
- --providers.file.watch=true
|
||||||
|
container_name: ${TRAEFIK_CONTAINER_NAME}
|
||||||
environment:
|
environment:
|
||||||
- HETZNER_API_KEY=${HETZNER_API_KEY}
|
- HETZNER_API_KEY=${HETZNER_API_KEY}
|
||||||
|
image: traefik:${TRAEFIK_VERSION}
|
||||||
labels:
|
labels:
|
||||||
# expose Træfik using Træfik (dashboard)
|
# expose Træfik using Træfik (dashboard)
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
@ -42,34 +41,34 @@ services:
|
|||||||
- traefik.http.middlewares.http-to-https.redirectscheme.scheme=https
|
- traefik.http.middlewares.http-to-https.redirectscheme.scheme=https
|
||||||
- traefik.http.middlewares.http-to-https.redirectscheme.permanent=true
|
- traefik.http.middlewares.http-to-https.redirectscheme.permanent=true
|
||||||
### Section HTTP
|
### Section HTTP
|
||||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
|
- traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.entrypoints=http
|
||||||
# only some people can access the dashboard, hence protect it with it's whitelist
|
# only some people can access the dashboard, hence protect it with it's whitelist
|
||||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
|
- traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.middlewares=dashboard-whitelist
|
||||||
# redirect Træfik dashboard to HTTPS only
|
# redirect Træfik dashboard to HTTPS only
|
||||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
|
- traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.middlewares=http-to-https
|
||||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
|
- traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.rule=Host(`${TRAEFIK_MATCHRULE}`)
|
||||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.service=api@internal
|
- traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.service=api@internal
|
||||||
### Section HTTPS
|
### Section HTTPS
|
||||||
- traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
|
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.entrypoints=https
|
||||||
# only some people can access the dashboard, hence protect it with it's whitelist
|
# only some people can access the dashboard, hence protect it with it's whitelist
|
||||||
- traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
|
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.middlewares=dashboard-whitelist
|
||||||
# configure Træfik dashboard to be the exposed service
|
# configure Træfik dashboard to be the exposed service
|
||||||
- traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
|
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.rule=Host(`${TRAEFIK_MATCHRULE}`)
|
||||||
- traefik.http.routers.https-${TRAEFIK_ROUTER}.service=api@internal
|
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.service=api@internal
|
||||||
# of course, enable TLS and it's certificate provider
|
# of course, enable TLS and it's certificate provider
|
||||||
- traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=true
|
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.tls=true
|
||||||
- traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=letsencrypt
|
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.tls.certresolver=letsencrypt
|
||||||
networks:
|
networks:
|
||||||
- traefik
|
- traefik-proxy
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
- 443:443
|
- 443:443
|
||||||
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
- ./config:/config:ro
|
- ./config:/dynamic-config:ro
|
||||||
- ./le-certs.json:/le-certs.json
|
- ./le-certs.json:/le-certs.json
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
traefik:
|
traefik-proxy:
|
||||||
external: true
|
external: true
|
||||||
name: ${TRAEFIK_NETWORK}
|
|
||||||
|
|||||||
@ -1,8 +1,7 @@
|
|||||||
TRAEFIK_VERSION=2.4
|
TRAEFIK_VERSION=2.4
|
||||||
TRAEFIK_CONTAINER_NAME=traefik.mydomain.com
|
TRAEFIK_CONTAINER_NAME=traefik.mydomain.com
|
||||||
TRAEFIK_MATCHRULE=traefik.mydomain.com
|
TRAEFIK_MATCHRULE=traefik.mydomain.com
|
||||||
TRAEFIK_ROUTER=traefik_mydomain_com
|
TRAEFIK_ROUTER_NAME=traefik_mydomain_com
|
||||||
TRAEFIK_NETWORK=traefik-proxy
|
|
||||||
TRAEFIK_LOGLEVEL=INFO
|
TRAEFIK_LOGLEVEL=INFO
|
||||||
TRAEFIK_PILOT_TOKEN=
|
TRAEFIK_PILOT_TOKEN=
|
||||||
TRAEFIK_DASHBOARD_WHITELIST=1.2.3.4/24
|
TRAEFIK_DASHBOARD_WHITELIST=1.2.3.4/24
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user