traefik/docker-compose.yml at master · Bit-Barron/traefik · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    command:

      # Tell Traefik to discover containers using the Docker API
      - --providers.docker=true
      # Enable the Trafik dashboard
      - --api.dashboard=true
      # Set up LetsEncrypt
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.letsencrypt.acme.email=$TRAEFIK_ACME_EMAIL
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      # Set up an insecure listener that redirects all traffic to TLS
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.coding-global-db.address=:5432 # Postgres discord bot
      # - --entrypoints.savagescan-db.address=:5433 # Postgres savage scan
      # Set up the TLS configuration for our websecure listener

      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certResolver=letsencrypt
      - --entrypoints.websecure.http.tls.domains[0].main=$TRAEFIK_BASE_DNS
      - --entrypoints.websecure.http.tls.domains[0].sans=*.$TRAEFIK_BASE_DNS
      - --pilot.token=$TRAEFIK_PILOT_TOKEN
    environment:
      - CLOUDFLARE_EMAIL=$CLOUDFLARE_EMAIL
      - CLOUDFLARE_DNS_API_TOKEN=$CLOUDFLARE_DNS_API_TOKEN
    ports:
      - 80:80
      - 443:443
      - 5432:5432 # Postgres discord bot
      # - 5433:5433 # Postgres terra-track
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Change traefik location to your directory
      - ~/traefik:/letsencrypt
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`$TRAEFIK_DASHBOARD_HOST`)
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.tls.certresolver=letsencrypt
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.middlewares=traefik-auth
      - traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$2y$$05$$QgoabVnNBN3gR4wezwQovOm0glw00bQvUPORrYxz7.rI/rnw07cBG

networks:
  proxy:
    external: false
    name: proxy