56 lines
1.7 KiB
YAML
56 lines
1.7 KiB
YAML
services:
|
|
traefik:
|
|
image: traefik:latest
|
|
container_name: ${TRAEFIK_NAME:-traefik}
|
|
restart: unless-stopped
|
|
|
|
command:
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
|
|
# EntryPoints
|
|
- "--entrypoints.web.address=:80"
|
|
- "--entrypoints.websecure.address=:443"
|
|
|
|
# Let's Encrypt
|
|
- "--certificatesresolvers.le.acme.httpchallenge=true"
|
|
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
|
|
- "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL:-admin@example.com}"
|
|
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
|
|
|
|
# Dashboard
|
|
- "--api.dashboard=true"
|
|
- "--api.insecure=false"
|
|
|
|
ports:
|
|
- "${TRAEFIK_HTTP_PORT:-80}:80"
|
|
- "${TRAEFIK_HTTPS_PORT:-443}:443"
|
|
- "${TRAEFIK_DASHBOARD_PORT:-8080}:8080"
|
|
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
- "${TRAEFIK_DATA_PATH:-/opt/traefik}/letsencrypt:/letsencrypt"
|
|
|
|
networks:
|
|
- proxy
|
|
|
|
labels:
|
|
- "traefik.enable=true"
|
|
|
|
# Dashboard Router
|
|
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST:-traefik.local}`)"
|
|
- "traefik.http.routers.traefik.entrypoints=websecure"
|
|
- "traefik.http.routers.traefik.service=api@internal"
|
|
- "traefik.http.routers.traefik.tls.certresolver=le"
|
|
|
|
# Basic Auth Middleware
|
|
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_AUTH_USER:-admin}:${TRAEFIK_AUTH_HASH:-$$apr1$$xyz123}"
|
|
|
|
# Dashboard secured with Basic Auth
|
|
- "traefik.http.routers.traefik.middlewares=traefik-auth"
|
|
|
|
networks:
|
|
proxy:
|
|
name: proxy
|
|
driver: bridge
|