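# Compose stack: a Traefik reverse proxy that terminates TLS with Let's Encrypt
# certificates (Cloudflare DNS-01 challenge), plus an error-pages container that
# serves custom error responses and acts as the catch-all route.
version: "3.9"

networks:
  public:
    name: public
    external: false
    # NOTE(review): the traefik service below requests a static ipv4_address on
    # this network. Docker normally accepts that only when the network declares
    # an ipam subnet containing the address; confirm one is configured.

services:
  traefik:
    # NOTE(review): no tag or digest, so this resolves to "latest". Pin a
    # reviewed release (image: traefik:<PINNED_TAG>) so upgrades, including
    # major versions that change flags or rule syntax, are deliberate.
    image: traefik
    container_name: traefik
    restart: always
    environment:
      # - CF_API_EMAIL=${CF_API_EMAIL} # used with CF_API_KEY
      # - CF_API_KEY=${CF_API_KEY} # Global API Key, unsafe
      - CF_ZONE_API_TOKEN=${CF_ZONE_API_TOKEN} # Zone / Zone / Read, scope across all zones
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN} # Zone / DNS / Edit, scope to specific domain(s)
    volumes:
      # The :ro flag makes only the socket file read-only. It does not restrict
      # the Docker API calls sent through it, so this container can still
      # control the Docker daemon. A filtering socket proxy that allows only
      # the read endpoints Traefik needs reduces that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # acme.json stores the ACME account key and certificate private keys;
      # keep it owner-only (mode 600) on the host and out of version control.
      - "./acme.json:/acme.json"
      - "./dynamic:/etc/traefik/dynamic"
      - "./certs:/certs"
    ports:
      - "80:80"
      - "443:443"
      # Left unpublished on purpose: with api.insecure off nothing listens on 8080.
      # - "8080:8080"
    networks:
      public:
        ipv4_address: 172.22.0.254
    command:
      # NOTE(review): DEBUG is verbose and can record request details; prefer
      # INFO outside of troubleshooting.
      - "--log.level=DEBUG"
      # The dashboard/API is served only through the "dashboard" router below
      # (TLS + basic auth). "--api.insecure=true" was replaced because it also
      # exposes the API unauthenticated on port 8080 to every container that
      # can reach this one, bypassing the basic-auth middleware.
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=public"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.websecure.address=:443"
      - "--providers.file.directory=/etc/traefik/dynamic"

      # Let's Encrypt
      - "--certificatesresolvers.le.acme.email=${CF_API_EMAIL}"
      - "--certificatesresolvers.le.acme.storage=/acme.json"
      # - "--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.le.acme.dnschallenge=true"
      - "--certificatesresolvers.le.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
      # NOTE(review): this turns off certificate verification for every HTTPS
      # backend Traefik connects to, so backends are not authenticated. Prefer
      # a serversTransport with rootCAs for the backend CA in the dynamic
      # configuration, then remove this flag.
      - "--serversTransport.insecureSkipVerify=true"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_DOMAIN}`)"
      # api@internal is Traefik's built-in API/dashboard service; routing to it
      # replaces the loopback to the unauthenticated :8080 listener.
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=le"
      # BASIC_AUTH_CREDENTIALS holds htpasswd-style user:hash pairs; supply it
      # from the environment and never commit the value.
      - "traefik.http.middlewares.dashboard-basicauth.basicauth.users=${BASIC_AUTH_CREDENTIALS}"
      - "traefik.http.routers.dashboard.middlewares=dashboard-basicauth,error-pages-middleware"

  error-pages:
    # NOTE(review): unpinned image, same concern as the traefik image above.
    image: tarampampam/error-pages
    container_name: error-pages
    restart: always
    environment:
      TEMPLATE_NAME: lost-in-space
      # Quoted so the value stays a string; some Compose versions reject bare
      # booleans here.
      # NOTE(review): detail output on public error pages can disclose request
      # and host information; confirm it is wanted in production.
      SHOW_DETAILS: "true"
    labels:
      # Label values are strings; quoting avoids YAML retyping them.
      traefik.enable: "true"
      # use as "fallback" for any NON-registered services (with priority below normal)
      traefik.http.routers.error-pages.rule: 'HostRegexp(`{host:.+}`) || Host(`error.ykz.app`)'
      traefik.http.routers.error-pages.priority: "10"
      # "errors" middleware settings
      traefik.http.routers.error-pages.middlewares: error-pages-middleware
      traefik.http.middlewares.error-pages-middleware.errors.status: "400-599"
      traefik.http.middlewares.error-pages-middleware.errors.service: error-pages-service
      traefik.http.middlewares.error-pages-middleware.errors.query: "/{status}.html"
      # define service properties
      traefik.http.services.error-pages-service.loadbalancer.server.port: "8080"
      traefik.http.routers.error-pages.service: error-pages-service
      traefik.http.routers.error-pages.tls: "true"
      traefik.http.routers.error-pages.tls.certresolver: le
      # NOTE(review): this names a router "traefik" that no other label in this
      # file defines (the dashboard router is "dashboard"); confirm it is
      # intended and not a leftover.
      traefik.http.routers.traefik.middlewares: error-pages-middleware
    networks:
      - public
    depends_on:
      - traefik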