-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
63 lines (61 loc) · 2.67 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
version: '3.8'
# Setup the network for the reverse proxy.
# All containers will be connected to this network.
networks:
default:
internal: false
name: reverse-proxy
services:
traefik:
image: traefik:2.6
restart: always
env_file:
- .env
command:
# We are going to use the docker provider
- "--providers.docker"
# Only enabled containers should be exposed
- "--providers.docker.exposedByDefault=false"
# We want to use the dashbaord
- "--api.dashboard=true"
# The entrypoints we ant to expose
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
# Enable ACME (Let's Encrypt): automatic SSL.
- "--certificatesresolvers.letsencrypt.acme.email=urandu@dashboard.piladi.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme.json"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
# Global redirect to https
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
# The acme.json file is required by Let's Encrypt
- ./letsencrypt/:/etc/traefik/acme/
labels:
# Since we don't expose containers per default we also need to enable traefik to expose the dashboard.
- "traefik.enable=true"
# http
# Since we are using the http challenge we and use the redirect we need
# to enable the http entrypoint.
- "traefik.http.routers.dashboard-http.entrypoints=web"
# The domain we want to listen to
- "traefik.http.routers.dashboard-http.rule=Host(`dashboard.${BASE_URL}`)"
# We need to attach the api@internal service to the dashboard-http router
# in order for the dashboard to be able to access the api (I think 🙈)
- "traefik.http.routers.dashboard-http.service=api@internal"
# https
# Enable the https entrypoint
- "traefik.http.routers.dashboard.entrypoints=websecure"
# The domain we want to listen to
- "traefik.http.routers.dashboard.rule=Host(`dashboard.${BASE_URL}`)"
# We want to obtain a certificate through Let's Encrypt
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
# We need to attach the api@internal service to the dashboard router
# in order for the dashboard to be able to access the api (I think 🙈)
- "traefik.http.routers.dashboard.service=api@internal"