From eb65cbe02f48f0a68cb68abd01ab4597da68abfa Mon Sep 17 00:00:00 2001
From: Sandro Pratesi
Date: Tue, 11 Oct 2022 22:56:52 +0200
Subject: [PATCH] Add traefik.

---
 traefik/docker-compose.yaml | 78 +++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 traefik/docker-compose.yaml

diff --git a/traefik/docker-compose.yaml b/traefik/docker-compose.yaml
new file mode 100644
index 0000000..b666dfd
--- /dev/null
+++ b/traefik/docker-compose.yaml
@@ -0,0 +1,78 @@
+---
+# https://doc.traefik.io/traefik/user-guides/docker-compose/acme-http/
+# https://stackoverflow.com/questions/58584625/how-do-i-reference-a-self-signed-ssl-certificates-for-traefik-v2-in-a-docker-com
+
+version: '3.9'
+
+networks:
+ proxy:
+ external: true
+
+services:
+ reverse-proxy:
+ container_name: traefik
+ image: traefik:2.8
+ restart: unless-stopped
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ # Use the public network created to be shared between Traefik and
+ # any other service that needs to be publicly available with HTTPS
+ - proxy
+ command:
+ - --providers.docker # Enable Docker in Traefik, so that it reads labels from Docker services
+ - --providers.docker.exposedbydefault=false # Do not expose all Docker services, only the ones explicitly exposed
+ - --providers.docker.network=proxy # Adds default network
+ #- --log.level=INFO
+ - --api.dashboard=true
+ # - --accesslog # Enable Access log
+ # - --ping=true # Enable /ping healthcheck route
+ # Set up LetsEncrypt
+ - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
+ - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
+ - --certificatesresolvers.letsencrypt.acme.email=${EMAIL_ADDRESS}
+ - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
+ # Set up an insecure listener that redirects all traffic to TLS
+ - --entrypoints.web.address=:80
+ - --entrypoints.web.http.redirections.entrypoint.to=websecure # Redirect all http to https
+ - --entrypoints.web.http.redirections.entrypoint.scheme=https
+ # Set up the TLS configuration for our websecure listener
+ - --entrypoints.websecure.address=:443
+ - --entrypoints.websecure.http.tls=true
+ - --entrypoints.websecure.http.tls.certResolver=letsencrypt
+ - --entrypoints.websecure.http.tls.domains[0].main=golem.linux.it
+ - --entrypoints.websecure.http.tls.domains[0].sans=*.golem.linux.it
+ # SSH
+ # - --entrypoints.ssh.address=:22 # host system must use another port!
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro # Add Docker as a mounted volume, so that Traefik can read the labels of other services
+ - /srv/volumes/letsencrypt:/letsencrypt
+ environment:
+ - CLOUDFLARE_EMAIL=${CLOUDFLARE_ACCOUNT_EMAIL_ADDRESS}
+ - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_TOKEN_GOES_HERE}
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.dashboard.service=api@internal
+ - traefik.http.routers.dashboard.rule=Host(`traefik.889217.xyz`)
+ - traefik.http.routers.dashboard.entrypoints=websecure
+ - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
+ healthcheck:
+ test: [CMD, traefik, healthcheck, --ping]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 15s
+
+ demo-service:
+ container_name: whoami
+ image: traefik/whoami
+ restart: unless-stopped
+ networks:
+ - proxy
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.whoami.rule=Host(`whoami.golem.linux.it`)
+ - traefik.http.routers.whoami.entrypoints=websecure
+ - traefik.http.routers.whoami.tls.certresolver=letsencrypt
+ - traefik.http.services.whoami.loadbalancer.server.port=80
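Review bot: The `dashboard` router in the `labels` block of `reverse-proxy` publishes `api@internal` on the `websecure` entrypoint with no authentication middleware, so the Traefik dashboard and its API are reachable by anyone who can resolve the host; add `- traefik.http.routers.dashboard.middlewares=dashboard-auth` and `- traefik.http.middlewares.dashboard-auth.basicauth.users=<HTPASSWD_HASH_PLACEHOLDER>` (generated with htpasswd, kept out of the repo via an env var) before exposing it. The `healthcheck` runs `traefik healthcheck --ping`, but `- --ping=true` is still commented out in `command`, so the check will fail and the container will be reported unhealthy; either uncomment `- --ping=true` or drop the healthcheck. Mounting `/var/run/docker.sock` with `:ro` only makes the socket file read-only and does not restrict which Docker API calls Traefik can issue, so a socket proxy that allows only the read endpoints the Docker provider needs would materially reduce the impact of a compromised proxy container. The `ports` entries `80:80` and `443:443` are also safer quoted as `"80:80"` / `"443:443"` so generic YAML parsers cannot retype them.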