48 lines
1.7 KiB
YAML
48 lines
1.7 KiB
YAML
services:
|
|
traefik:
|
|
image: traefik:v2.10
|
|
container_name: traefik
|
|
restart: always
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
networks:
|
|
- traefik
|
|
- crowdsec
|
|
ports:
|
|
- "80:80" # HTTP
|
|
- "443:443" # HTTPS
|
|
- "8080:8080" # Traefik Dashboard (optional, can be disabled)
|
|
environment:
|
|
- TZ=America/Denver
|
|
volumes:
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- ./traefik.yml:/traefik.yml:ro
|
|
- ./acme.json:/acme.json
|
|
- ./config.yml:/config.yml:ro
|
|
- ./logs:/var/log/traefik
|
|
labels:
|
|
- "traefik.enable=true"
|
|
# Dashboard
|
|
- "traefik.http.routers.traefik.rule=Host(`traefik.pkartchner.com`)"
|
|
- "traefik.http.routers.traefik.entrypoints=https"
|
|
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.traefik.service=api@internal"
|
|
- "traefik.http.routers.traefik.middlewares=traefik-auth,internal-whitelist@file"
|
|
# Dashboard auth (username: admin, password: IdCTOFygYRqyDPSTOkUgMg==)
|
|
# Generate new password: echo $(htpasswd -nb admin yourpassword) | sed -e s/\\$/\\$\\$/g
|
|
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$GF9aEQUw$$iEUiC8oacwqPDqd4yPBnn/"
|
|
# Global redirect to HTTPS
|
|
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
|
- "traefik.http.routers.http-catchall.entrypoints=http"
|
|
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
|
|
|
networks:
|
|
traefik:
|
|
name: traefik
|
|
driver: bridge
|
|
crowdsec:
|
|
name: crowdsec
|
|
external: true
|