50 lines
1.8 KiB
YAML
50 lines
1.8 KiB
YAML
version: "3.9"
|
|
|
|
networks:
|
|
public:
|
|
name: public
|
|
external: false
|
|
|
|
services:
|
|
traefik:
|
|
image: traefik
|
|
container_name: traefik
|
|
restart: always
|
|
environment:
|
|
# - CF_API_EMAIL=${CF_API_EMAIL} # used with CF_API_KEY
|
|
# - CF_API_KEY=${CF_API_KEY} # Global API Key, unsafe
|
|
- CF_ZONE_API_TOKEN=${CF_ZONE_API_TOKEN} # Zone / Zone / Read, scope across all zones
|
|
- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN} # Zone / DNS / Edit, scope to specific domain(s)
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
- "./acme.json:/acme.json"
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
# - "8080:8080"
|
|
networks:
|
|
- public
|
|
command:
|
|
- "--log.level=DEBUG"
|
|
- "--api.insecure=true"
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
- "--entrypoints.web.address=:80"
|
|
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
|
- "--entrypoints.websecure.address=:443"
|
|
|
|
# Let's Encrypt
|
|
- "--certificatesresolvers.le.acme.email=${CF_API_EMAIL}"
|
|
- "--certificatesresolvers.le.acme.storage=/acme.json"
|
|
# - "--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
|
- "--certificatesresolvers.le.acme.dnschallenge=true"
|
|
- "--certificatesresolvers.le.acme.dnschallenge.provider=cloudflare"
|
|
- "--certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_DOMAIN}`)"
|
|
- "traefik.http.routers.dashboard.service=dashboard-service"
|
|
- "traefik.http.services.dashboard-service.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.dashboard.tls=true"
|
|
- "traefik.http.routers.dashboard.tls.certresolver=le"
|