Compare commits

..

3 Commits

2 changed files with 22 additions and 20 deletions

View File

@ -2,6 +2,9 @@ version: "3"
services:
traefik:
image: traefik:${TRAEFIK_VERSION}
container_name: ${TRAEFIK_CONTAINER_NAME}
restart: unless-stopped
command:
# when debugging is needed
- --accesslog=${TRAEFIK_ACCESSLOG}
@ -25,13 +28,11 @@ services:
# and we want to manually specify exposed containers
- --providers.docker.exposedbydefault=false
- --providers.docker.watch=true
# should not need, but just in case, a dynamic config file is also configured
- --providers.file.directory=/dynamic-config
# should not need, but just in case, a folder for dynamic config files is also configured
- --providers.file.directory=/config
- --providers.file.watch=true
container_name: ${TRAEFIK_CONTAINER_NAME}
environment:
- HETZNER_API_KEY=${HETZNER_API_KEY}
image: traefik:${TRAEFIK_VERSION}
labels:
# expose Træfik using Træfik (dashboard)
- traefik.enable=true
@ -41,34 +42,34 @@ services:
- traefik.http.middlewares.http-to-https.redirectscheme.scheme=https
- traefik.http.middlewares.http-to-https.redirectscheme.permanent=true
### Section HTTP
- traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.entrypoints=http
- traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
# only some people can access the dashboard, hence protect it with it's whitelist
- traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.middlewares=dashboard-whitelist
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
# redirect Træfik dashboard to HTTPS only
- traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.middlewares=http-to-https
- traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.rule=Host(`${TRAEFIK_MATCHRULE}`)
- traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.service=api@internal
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
- traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
- traefik.http.routers.http-${TRAEFIK_ROUTER}.service=api@internal
### Section HTTPS
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.entrypoints=https
- traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
# only some people can access the dashboard, hence protect it with it's whitelist
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.middlewares=dashboard-whitelist
- traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
# configure Træfik dashboard to be the exposed service
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.rule=Host(`${TRAEFIK_MATCHRULE}`)
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.service=api@internal
- traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
- traefik.http.routers.https-${TRAEFIK_ROUTER}.service=api@internal
# of course, enable TLS and it's certificate provider
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.tls=true
- traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.tls.certresolver=letsencrypt
- traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=true
- traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=letsencrypt
networks:
- traefik-proxy
- traefik
ports:
- 80:80
- 443:443
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./config:/dynamic-config:ro
- ./config:/config:ro
- ./le-certs.json:/le-certs.json
networks:
traefik-proxy:
traefik:
external: true
name: ${TRAEFIK_NETWORK}

View File

@ -1,7 +1,8 @@
TRAEFIK_VERSION=2.4
TRAEFIK_CONTAINER_NAME=traefik.mydomain.com
TRAEFIK_MATCHRULE=traefik.mydomain.com
TRAEFIK_ROUTER_NAME=traefik_mydomain_com
TRAEFIK_ROUTER=traefik_mydomain_com
TRAEFIK_NETWORK=traefik-proxy
TRAEFIK_LOGLEVEL=INFO
TRAEFIK_PILOT_TOKEN=
TRAEFIK_DASHBOARD_WHITELIST=1.2.3.4/24