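# Traefik v2 reverse proxy (fragment of a Compose service definition).
# The tag pins the v2.2 release line only, not an exact patch release.
image: traefik:v2.2
networks:
# Network name is taken from the environment; interpolation aborts with
# "Variable not set" when TRAEFIK_PUBLIC_NETWORK is missing.
- ${TRAEFIK_PUBLIC_NETWORK?Variable not set}
- default
volumes:
# The Docker provider reads container labels through this socket. Anything
# that can talk to the socket can control the Docker daemon, so treat this
# container as host-privileged. ":ro" only protects the socket file itself;
# it does not restrict the Docker API calls made over it.
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
# Quoted so the mapping is always read as a string, never as a number.
- "80:80"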
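# Static configuration, passed to Traefik as CLI flags.
command:
# Enable the Docker provider, so that Traefik reads labels from Docker services
- --providers.docker
# Only pick up services whose stack label matches the env var TRAEFIK_TAG;
# interpolation aborts when the variable is not set
- --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG?Variable not set}`)
# Do not expose all Docker services, only the ones explicitly enabled by label
- --providers.docker.exposedbydefault=false
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api.dashboard
# Insecure mode serves the API and dashboard without authentication on
# Traefik's own entrypoint; it stays off unless TRAEFIK_API_INSECURE is set.
# Leave it off wherever that entrypoint is reachable by other hosts or
# containers.
- --api.insecure=${TRAEFIK_API_INSECURE:-false}
# Debug endpoints stay off unless TRAEFIK_API_DEBUG is set. The variable was
# previously misspelled TREAFIK_API_DEBUG, so setting the correctly spelled
# name had no effect.
- --api.debug=${TRAEFIK_API_DEBUG:-false}
- --api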
# Dynamic configuration for the Traefik container itself, read back by its own
# Docker provider. Values are single-quoted so backticks, "&&" and "$$" are
# always taken literally by the YAML parser.
labels:
# Opt this service in (exposedbydefault is off in the command section)
- 'traefik.enable=true'
# Reach this service over the public network named by the env var
- 'traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set}'
# Custom constraint label: a public Traefik only uses services that carry
# the value of TRAEFIK_PUBLIC_TAG here
- 'traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set}'
# Routing for the dashboard (api/frontend).
# NOTE(review): in Traefik v2 an entrypoint address is normally static
# configuration (--entrypoints.<name>.address) and a router refers to it with
# routers.<name>.entrypoints=<name>; confirm this label has the intended effect.
- 'traefik.http.routers.router0.entrypoints.web.address=:80'
# Match only the dashboard host and the /api and /dashboard path prefixes
- 'traefik.http.routers.router0.rule=Host(`traefik.${DOMAIN?Variable not set}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))'
# Serve Traefik's built-in API/dashboard service
- 'traefik.http.routers.router0.service=api@internal'
# NOTE(review): the usual spelling is loadbalancer.server.port (singular
# "server"); verify that this label is accepted.
- 'traefik.http.services.router0.loadbalancer.servers.port=80'
# Basic-auth middleware for the dashboard router. "$$" is Compose's escape for
# a literal "$" inside the htpasswd hash.
# NOTE(review): when USERNAME / HASHED_PASSWORD are unset this falls back to
# the published admin/admin credentials, and port 80 carries them without TLS.
# Set both variables for anything beyond a local test.
- 'traefik.http.middlewares.auth.basicauth.users=${USERNAME:-admin}:${HASHED_PASSWORD:-$$apr1$$8yb3Fm0g$$wb43b7.rYzw72ODh3bCZE.}' # password: admin
# Attach the auth middleware to the dashboard router
- 'traefik.http.routers.router0.middlewares=auth'
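# Dashboard routing with an HTTP -> HTTPS redirect and basic auth.
labels:
- "traefik.enable=true"
# Plain-HTTP router: its only job is to redirect to HTTPS. Basic auth is
# deliberately NOT attached here, so credentials are never requested or sent
# over an unencrypted connection.
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`tf.domain.com`)"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
# HTTPS router: this is the one that serves api@internal, so this is where
# authentication has to be enforced. Without a middleware on this router the
# dashboard is reachable over HTTPS with no credentials at all.
- "traefik.http.routers.traefik-https.entrypoints=https"
- "traefik.http.routers.traefik-https.rule=Host(`tf.domain.com`)"
- "traefik.http.routers.traefik-https.tls=true"
- "traefik.http.routers.traefik-https.tls.certresolver=mytlschallenge"
- "traefik.http.routers.traefik-https.tls.domains[0].main=tf.domain.com"
# Placeholder credentials: replace with "<user>:<htpasswd hash>", doubling
# every "$" in the hash as "$$" so Compose does not interpolate it.
- "traefik.http.middlewares.auth.basicauth.users=login:hashed_password"
- "traefik.http.routers.traefik-https.middlewares=auth"
- "traefik.http.routers.traefik-https.service=api@internal"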
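# ACME (Let's Encrypt) certificate resolver used by the HTTPS router.
command:
# ... other directives
# NOTE(review): the TLS-ALPN challenge needs the HTTPS entrypoint to be
# defined and reachable on port 443; presumably that is among the omitted
# directives.
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
- "--certificatesresolvers.mytlschallenge.acme.email=youremail@domain.com"
# acme.json holds the ACME account key and the certificates' private keys
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
volumes:
# Socket access is equivalent to control of the Docker daemon. ":ro" only
# protects the socket file itself, not the API calls made over it.
- /var/run/docker.sock:/var/run/docker.sock:ro
# Persist issued certificates across restarts; keep this directory and
# acme.json readable by the owner only (mode 600 for the file), and out of
# version control.
- "./letsencrypt:/letsencrypt"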