-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
67 lines (57 loc) · 2.5 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
version: "3"
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${HOME}/dev/focus/traefik/traefik.yml:/traefik.yml:ro
- ${HOME}/dev/focus/traefik/rules:/rules:ro
- ${HOME}/dev/focus/traefik/letsencrypt:/letsencrypt
environment:
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=http"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
# redirect root to www
- "traefik.http.routers.root.rule=Host(`${DOMAIN}.${TLD}`) && PathPrefix(`/{path:(?!api|dashboard).*}`)"
- "traefik.http.routers.root.entrypoints=https"
- "traefik.http.routers.root.middlewares=redirect-root-to-www@docker"
- "traefik.http.routers.root.tls=true"
# middleware redirect root to www
- "traefik.http.middlewares.redirect-root-to-www.redirectregex.regex=^https://${DOMAIN}\\.${TLD}/(.*)"
- "traefik.http.middlewares.redirect-root-to-www.redirectregex.replacement=https://www.${DOMAIN}.${TLD}/$${1}"
# Dashboard
- "traefik.http.routers.dashboard.rule=Host(`${DOMAIN}.${TLD}`)"
- "traefik.http.routers.dashboard.priority=2"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.entrypoints=https"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.tls.certresolver=certchallenge"
- "traefik.http.routers.dashboard.middlewares=auth@docker,addprefix-dashboard@docker"
# Add dashboard prefix middleware
- "traefik.http.middlewares.addprefix-dashboard.addprefix.prefix=/dashboard"
# Basic auth middleware
- "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_USER}:${TRAEFIK_PASSWORD_HASH}"
# Watchtower Update
- "com.centurylinklabs.watchtower.enable=true"
networks:
proxy:
external: true