docker-selfhosted-server/traefik/docker-compose.yml

# Resources
# - https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker/
# - https://www.smarthomebeginner.com/traefik-2-docker-tutorial/
# - https://gist.github.com/coltenkrauter/124ec31d616fa4c0dcf25d79462a6237
# - https://faun.pub/deploy-nextcloud-with-docker-compose-traefik-2-postgresql-and-redis-fd1ffc166173
# - https://github.com/jnsgruk/nextcloud-docker-compose/blob/master/traefik/docker-compose.yml
# - https://doc.traefik.io/traefik/middlewares/basicauth/
# Generate auth:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
# https://gist.github.com/coltenkrauter/124ec31d616fa4c0dcf25d79462a6237
version: '3.8'

services:
  traefik:
    image: traefik:livarot
    container_name: traefik
    restart: unless-stopped
    env_file: .env
    command:
      - "--api=true"
      - "--api.dashboard=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http"
      - "--certificatesresolvers.letsencrypt.acme.email=$EMAIL"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.dns-cloudflare.acme.email=$EMAIL"
      - "--certificatesresolvers.dns-cloudflare.acme.storage=/cloudflare/acme.json"
      - "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare"
      - "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
      - "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,104.16.0.0/13,104.24.0.0/14" # allow cloudflare source ips to set x-forwarded-for headers - https://www.cloudflare.com/ips-v4
      - "--entrypoints.https.http.tls.certresolver=dns-cloudflare"
      - "--entrypoints.https.http.tls.domains[0].main=$DOMAIN"
      - "--entrypoints.https.http.tls.domains[0].sans=*.$DOMAIN"
      - "--entrypoints.https.http.tls.domains[1].main=$DOMAIN2"
      - "--entrypoints.https.http.tls.domains[1].sans=*.$DOMAIN2"
      - "--entrypoints.https.http.tls.options=tls-opts@file"
      - "--log.level=INFO"
      - "--log.format=json"
      - "--metrics.prometheus=true"
      - "--ping=true"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=public"
      - "--providers.docker.swarmMode=false"
    environment:
      - CF_API_EMAIL=$CF_API_EMAIL
      - CF_API_KEY=$CF_API_KEY
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKER_VOLUME_PATH/traefik/auth:/auth
      - $DOCKER_VOLUME_PATH/traefik/letsencrypt:/letsencrypt
      - $DOCKER_VOLUME_PATH/traefik/cloudflare:/cloudflare
    labels:
      - "traefik.enable=true"
      # catchall for redirecting http to https
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAIN`)"
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      - "traefik.http.routers.traefik-rtr.middlewares=dashboard-auth"
      - "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/auth/passwords"
      - "traefik.http.services.api@internal.loadbalancer.server.port=8080"
    networks:
      - public
    logging:
      driver: "json-file"
      options:
        max-size: "1m"

networks:
  public:
    name: public
create traefik 4 years ago			`# Resources`
			`# - https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker/`
			`# - https://www.smarthomebeginner.com/traefik-2-docker-tutorial/`
			`# - https://gist.github.com/coltenkrauter/124ec31d616fa4c0dcf25d79462a6237`
			`# - https://faun.pub/deploy-nextcloud-with-docker-compose-traefik-2-postgresql-and-redis-fd1ffc166173`
			`# - https://github.com/jnsgruk/nextcloud-docker-compose/blob/master/traefik/docker-compose.yml`
			`# - https://doc.traefik.io/traefik/middlewares/basicauth/`
			`# Generate auth:`
			`# echo $(htpasswd -nb user password) \| sed -e s/\\$/\\$\\$/g`
			`# https://gist.github.com/coltenkrauter/124ec31d616fa4c0dcf25d79462a6237`
			`version: '3.8'`

			`services:`
			`traefik:`
			`image: traefik:livarot`
			`container_name: traefik`
			`restart: unless-stopped`
			`env_file: .env`
			`command:`
			`- "--api=true"`
			`- "--api.dashboard=true"`
			`- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"`
			`- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http"`
			`- "--certificatesresolvers.letsencrypt.acme.email=$EMAIL"`
			`- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"`
			`- "--certificatesresolvers.dns-cloudflare.acme.email=$EMAIL"`
			`- "--certificatesresolvers.dns-cloudflare.acme.storage=/cloudflare/acme.json"`
			`- "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare"`
			`- "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53"`
			`- "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90"`
			`- "--entrypoints.http.address=:80"`
			`- "--entrypoints.https.address=:443"`
			`- "--entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,104.16.0.0/13,104.24.0.0/14" # allow cloudflare source ips to set x-forwarded-for headers - https://www.cloudflare.com/ips-v4`
			`- "--entrypoints.https.http.tls.certresolver=dns-cloudflare"`
			`- "--entrypoints.https.http.tls.domains[0].main=$DOMAIN"`
			`- "--entrypoints.https.http.tls.domains[0].sans=*.$DOMAIN"`
			`- "--entrypoints.https.http.tls.domains[1].main=$DOMAIN2"`
			`- "--entrypoints.https.http.tls.domains[1].sans=*.$DOMAIN2"`
			`- "--entrypoints.https.http.tls.options=tls-opts@file"`
			`- "--log.level=INFO"`
			`- "--log.format=json"`
			`- "--metrics.prometheus=true"`
			`- "--ping=true"`
			`- "--providers.docker=true"`
			`- "--providers.docker.endpoint=unix:///var/run/docker.sock"`
			`- "--providers.docker.exposedbydefault=false"`
			`- "--providers.docker.network=public"`
			`- "--providers.docker.swarmMode=false"`
			`environment:`
			`- CF_API_EMAIL=$CF_API_EMAIL`
			`- CF_API_KEY=$CF_API_KEY`
			`ports:`
			`- 80:80`
			`- 443:443`
			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock`
			`- $DOCKER_VOLUME_PATH/traefik/auth:/auth`
			`- $DOCKER_VOLUME_PATH/traefik/letsencrypt:/letsencrypt`
			`- $DOCKER_VOLUME_PATH/traefik/cloudflare:/cloudflare`
			`labels:`
			`- "traefik.enable=true"`
			`# catchall for redirecting http to https`
			`- "traefik.http.routers.http-catchall.entrypoints=http"`
			- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
			`- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"`
			`- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"`
			`- "traefik.http.routers.traefik-rtr.entrypoints=https"`
			- "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAIN`)"
			`- "traefik.http.routers.traefik-rtr.service=api@internal"`
			`- "traefik.http.routers.traefik-rtr.middlewares=dashboard-auth"`
			`- "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/auth/passwords"`
			`- "traefik.http.services.api@internal.loadbalancer.server.port=8080"`
			`networks:`
			`- public`
			`logging:`
			`driver: "json-file"`
			`options:`
			`max-size: "1m"`

			`networks:`
			`public:`
			`name: public`