From 97c7b23978ec227accad5d10d75ba4dde28674e4 Mon Sep 17 00:00:00 2001 From: Ruan Bekker Date: Sun, 25 Jul 2021 16:39:56 +0200 Subject: [PATCH] create traefik --- traefik/docker-compose.yml | 82 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 traefik/docker-compose.yml diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml new file mode 100644 index 0000000..8335c6d --- /dev/null +++ b/traefik/docker-compose.yml @@ -0,0 +1,82 @@ +# Resources +# - https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker/ +# - https://www.smarthomebeginner.com/traefik-2-docker-tutorial/ +# - https://gist.github.com/coltenkrauter/124ec31d616fa4c0dcf25d79462a6237 +# - https://faun.pub/deploy-nextcloud-with-docker-compose-traefik-2-postgresql-and-redis-fd1ffc166173 +# - https://github.com/jnsgruk/nextcloud-docker-compose/blob/master/traefik/docker-compose.yml +# - https://doc.traefik.io/traefik/middlewares/basicauth/ +# Generate auth: +# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g +# https://gist.github.com/coltenkrauter/124ec31d616fa4c0dcf25d79462a6237 +version: '3.8' + +services: + traefik: + image: traefik:livarot + container_name: traefik + restart: unless-stopped + env_file: .env + command: + - "--api=true" + - "--api.dashboard=true" + - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" + - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http" + - "--certificatesresolvers.letsencrypt.acme.email=$EMAIL" + - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" + - "--certificatesresolvers.dns-cloudflare.acme.email=$EMAIL" + - "--certificatesresolvers.dns-cloudflare.acme.storage=/cloudflare/acme.json" + - "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare" + - "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53" + - "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90" + - "--entrypoints.http.address=:80" + - "--entrypoints.https.address=:443" + - "--entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,104.16.0.0/13,104.24.0.0/14" # allow cloudflare source ips to set x-forwarded-for headers - https://www.cloudflare.com/ips-v4 + - "--entrypoints.https.http.tls.certresolver=dns-cloudflare" + - "--entrypoints.https.http.tls.domains[0].main=$DOMAIN" + - "--entrypoints.https.http.tls.domains[0].sans=*.$DOMAIN" + - "--entrypoints.https.http.tls.domains[1].main=$DOMAIN2" + - "--entrypoints.https.http.tls.domains[1].sans=*.$DOMAIN2" + - "--entrypoints.https.http.tls.options=tls-opts@file" + - "--log.level=INFO" + - "--log.format=json" + - "--metrics.prometheus=true" + - "--ping=true" + - "--providers.docker=true" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.exposedbydefault=false" + - "--providers.docker.network=public" + - "--providers.docker.swarmMode=false" + environment: + - CF_API_EMAIL=$CF_API_EMAIL + - CF_API_KEY=$CF_API_KEY + ports: + - 80:80 + - 443:443 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - $DOCKER_VOLUME_PATH/traefik/auth:/auth + - $DOCKER_VOLUME_PATH/traefik/letsencrypt:/letsencrypt + - $DOCKER_VOLUME_PATH/traefik/cloudflare:/cloudflare + labels: + - "traefik.enable=true" + # catchall for redirecting http to https + - "traefik.http.routers.http-catchall.entrypoints=http" + - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)" + - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" + - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" + - "traefik.http.routers.traefik-rtr.entrypoints=https" + - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAIN`)" + - "traefik.http.routers.traefik-rtr.service=api@internal" + - "traefik.http.routers.traefik-rtr.middlewares=dashboard-auth" + - "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/auth/passwords" + - "traefik.http.services.api@internal.loadbalancer.server.port=8080" + networks: + - public + logging: + driver: "json-file" + options: + max-size: "1m" + +networks: + public: + name: public