62 lines
1.7 KiB
YAML
62 lines
1.7 KiB
YAML
services:
|
|
traefik:
|
|
image: traefik:${TRAEFIK_VERSION:-v3.6}
|
|
container_name: ${TRAEFIK_NAME:-traefik}
|
|
restart: unless-stopped
|
|
|
|
command:
|
|
# Provider
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
- "--providers.docker.watch=true"
|
|
|
|
|
|
# EntryPoints
|
|
- "--entrypoints.web.address=:80"
|
|
- "--entrypoints.websecure.address=:443"
|
|
|
|
# Let's Encrypt (ACME)
|
|
- "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL}"
|
|
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
|
|
- "--certificatesresolvers.le.acme.httpchallenge=true"
|
|
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
|
|
|
|
# Dashboard
|
|
- "--api.dashboard=true"
|
|
- "--api.insecure=false"
|
|
|
|
# Logging
|
|
- "--log.level=${TRAEFIK_LOGLEVEL:-INFO}"
|
|
|
|
ports:
|
|
- "${TRAEFIK_HTTP_PORT:-80}:80"
|
|
- "${TRAEFIK_HTTPS_PORT:-443}:443"
|
|
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
- "${TRAEFIK_DATA_PATH:-/opt/traefik}/letsencrypt:/letsencrypt"
|
|
|
|
networks:
|
|
- proxy
|
|
|
|
labels:
|
|
- "traefik.enable=true"
|
|
|
|
# Dashboard Router (HTTPS)
|
|
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)"
|
|
- "traefik.http.routers.traefik.entrypoints=websecure"
|
|
- "traefik.http.routers.traefik.service=api@internal"
|
|
- "traefik.http.routers.traefik.tls=true"
|
|
- "traefik.http.routers.traefik.tls.certresolver=le"
|
|
|
|
# Basic Auth Middleware
|
|
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_AUTH_USER}:${TRAEFIK_AUTH_HASH}"
|
|
|
|
# Apply Auth
|
|
- "traefik.http.routers.traefik.middlewares=traefik-auth"
|
|
|
|
networks:
|
|
proxy:
|
|
name: proxy
|
|
driver: bridge
|