2024-06-03 18:43:35 +02:00
|
|
|
services:
|
|
|
|
reverse-proxy:
|
2024-08-16 16:15:24 +02:00
|
|
|
image: traefik:v3.1.2
|
2024-06-03 18:43:35 +02:00
|
|
|
container_name: ${traefikServName}
|
|
|
|
restart: ${restartPolicy}
|
|
|
|
# Enables the web UI and tells Traefik to listen to docker
|
|
|
|
ports:
|
|
|
|
- ${MAIN_IP}:80:80
|
|
|
|
- ${MAIN_IP}:443:443
|
|
|
|
volumes:
|
|
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
|
|
- ./conf:/etc/traefik/
|
|
|
|
- letsencrypt:/letsencrypt
|
|
|
|
environment:
|
|
|
|
- TRAEFIK_PROVIDERS_DOCKER=true
|
|
|
|
- TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
|
|
|
|
- TRAEFIK_API=true
|
2024-08-16 16:15:24 +02:00
|
|
|
- TRAEFIK_PROVIDERS_FILE_DIRECTORY=/etc/traefik
|
2024-06-03 18:43:35 +02:00
|
|
|
- TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80
|
|
|
|
- TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=websecure
|
|
|
|
- TRAEFIK_ENTRYPOINTS_websecure_ADDRESS=:443
|
|
|
|
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_CERTRESOLVER=letsencrypt
|
2024-08-16 16:15:24 +02:00
|
|
|
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipwhitelist@file
|
2024-06-03 18:43:35 +02:00
|
|
|
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
|
|
|
|
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
|
|
|
|
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json
|
|
|
|
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_TLSCHALLENGE=true
|
2024-08-16 16:15:24 +02:00
|
|
|
- TRAEFIK_LOG_LEVEL=INFO
|
2024-06-03 18:43:35 +02:00
|
|
|
- TRAEFIK_API_DASHBOARD=true
|
2024-08-16 16:15:24 +02:00
|
|
|
#pour la migration vers traefik3
|
|
|
|
- TRAEFIK_CORE_DEFAULTRULESYNTAX=v3
|
2024-06-03 18:43:35 +02:00
|
|
|
labels:
|
|
|
|
- "traefik.enable=true"
|
|
|
|
- "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`) && PathPrefix(`/api`, `/dashboard`)"
|
|
|
|
- "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`)"
|
|
|
|
- "traefik.http.routers.traefik_https.entrypoints=websecure"
|
|
|
|
- "traefik.http.routers.traefik_https.service=api@internal"
|
|
|
|
- "traefik.http.routers.traefik_https.middlewares=test-adminipwhitelist@file,traefik-auth"
|
|
|
|
- "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/etc/traefik/passfile"
|
2024-08-16 16:15:24 +02:00
|
|
|
# Middleware for redirection
|
|
|
|
- "traefik.http.middlewares.redirect-to-www.redirectregex.regex=^https?://${domain}(.*)"
|
|
|
|
- "traefik.http.middlewares.redirect-to-www.redirectregex.replacement=https://www.${domain}$${1}"
|
|
|
|
- "traefik.http.middlewares.redirect-to-www.redirectregex.permanent=true"
|
|
|
|
# Router for redirection
|
|
|
|
- "traefik.http.routers.redirection.rule=Host(`${domain}`)"
|
|
|
|
- "traefik.http.routers.redirection.entrypoints=websecure"
|
|
|
|
- "traefik.http.routers.redirection.middlewares=redirect-to-www"
|
|
|
|
|
|
|
|
|
2024-06-03 18:43:35 +02:00
|
|
|
networks:
|
|
|
|
- traefikNet
|
|
|
|
{{web
|
|
|
|
- webNet
|
|
|
|
}}
|
|
|
|
{{jirafeau
|
|
|
|
- jirafeauNet
|
|
|
|
}}
|
|
|
|
{{ethercalc
|
|
|
|
- ethercalcNet
|
|
|
|
}}
|
|
|
|
{{etherpad
|
|
|
|
- etherpadNet
|
|
|
|
}}
|
|
|
|
{{framadate
|
|
|
|
- framadateNet
|
|
|
|
}}
|
|
|
|
{{ldap
|
|
|
|
- ldapNet
|
|
|
|
}}
|
|
|
|
{{mobilizon
|
|
|
|
- mobilizonNet
|
|
|
|
}}
|
|
|
|
{{cloud
|
|
|
|
- cloudNet
|
|
|
|
}}
|
|
|
|
{{collabora
|
|
|
|
- collaboraNet
|
|
|
|
}}
|
|
|
|
{{paheko
|
|
|
|
- pahekoNet
|
|
|
|
}}
|
|
|
|
{{mattermost
|
|
|
|
- mattermostNet
|
|
|
|
}}
|
|
|
|
{{roundcube
|
|
|
|
- roundcubeNet
|
|
|
|
}}
|
|
|
|
{{gitea
|
|
|
|
- giteaNet
|
|
|
|
}}
|
|
|
|
{{dokuwiki
|
|
|
|
- dokuwikiNet
|
|
|
|
}}
|
|
|
|
{{postfix
|
|
|
|
- postfixNet
|
|
|
|
}}
|
|
|
|
{{vaultwarden
|
|
|
|
- vaultwardenNet
|
|
|
|
}}
|
|
|
|
{{imapsync
|
|
|
|
- imapsyncNet
|
|
|
|
}}
|
|
|
|
{{castopod
|
|
|
|
- castopodNet
|
|
|
|
}}
|
|
|
|
{{apikaz
|
|
|
|
- apikazNet
|
|
|
|
}}
|
|
|
|
|
|
|
|
#### BEGIN ORGA USE_NET
|
|
|
|
#### END ORGA USE_NET
|
|
|
|
|
|
|
|
networks:
|
|
|
|
traefikNet:
|
|
|
|
external: true
|
|
|
|
name: traefikNet
|
|
|
|
{{web
|
|
|
|
webNet:
|
|
|
|
external: true
|
|
|
|
name: webNet
|
|
|
|
}}
|
|
|
|
{{jirafeau
|
|
|
|
jirafeauNet:
|
|
|
|
external: true
|
|
|
|
name: jirafeauNet
|
|
|
|
}}
|
|
|
|
{{ethercalc
|
|
|
|
ethercalcNet:
|
|
|
|
external: true
|
|
|
|
name: ethercalcNet
|
|
|
|
}}
|
|
|
|
{{etherpad
|
|
|
|
etherpadNet:
|
|
|
|
external: true
|
|
|
|
name: etherpadNet
|
|
|
|
}}
|
|
|
|
{{framadate
|
|
|
|
framadateNet:
|
|
|
|
external: true
|
|
|
|
name: framadateNet
|
|
|
|
}}
|
|
|
|
{{ldap
|
|
|
|
ldapNet:
|
|
|
|
external: true
|
|
|
|
name: ldapNet
|
|
|
|
}}
|
|
|
|
{{mobilizon
|
|
|
|
mobilizonNet:
|
|
|
|
external: true
|
|
|
|
name: mobilizonNet
|
|
|
|
}}
|
|
|
|
{{cloud
|
|
|
|
cloudNet:
|
|
|
|
external: true
|
|
|
|
name: cloudNet
|
|
|
|
}}
|
|
|
|
{{collabora
|
|
|
|
collaboraNet:
|
|
|
|
external: true
|
|
|
|
name: collaboraNet
|
|
|
|
}}
|
|
|
|
{{paheko
|
|
|
|
pahekoNet:
|
|
|
|
external: true
|
|
|
|
name: pahekoNet
|
|
|
|
}}
|
|
|
|
{{mattermost
|
|
|
|
mattermostNet:
|
|
|
|
external: true
|
|
|
|
name: mattermostNet
|
|
|
|
}}
|
|
|
|
{{roundcube
|
|
|
|
roundcubeNet:
|
|
|
|
external: true
|
|
|
|
name: roundcubeNet
|
|
|
|
}}
|
|
|
|
{{gitea
|
|
|
|
giteaNet:
|
|
|
|
external: true
|
|
|
|
name: giteaNet
|
|
|
|
}}
|
|
|
|
{{dokuwiki
|
|
|
|
dokuwikiNet:
|
|
|
|
external: true
|
|
|
|
name: dokuwikiNet
|
|
|
|
}}
|
|
|
|
{{postfix
|
|
|
|
postfixNet:
|
|
|
|
external: true
|
|
|
|
name: postfixNet
|
|
|
|
}}
|
|
|
|
{{vaultwarden
|
|
|
|
vaultwardenNet:
|
|
|
|
external: true
|
|
|
|
name: vaultwardenNet
|
|
|
|
}}
|
|
|
|
{{imapsync
|
|
|
|
imapsyncNet:
|
|
|
|
external: true
|
|
|
|
name: imapsyncNet
|
|
|
|
}}
|
|
|
|
{{castopod
|
|
|
|
castopodNet:
|
|
|
|
external: true
|
|
|
|
name: castopodNet
|
|
|
|
}}
|
|
|
|
{{api
|
|
|
|
apikazNet:
|
|
|
|
external: true
|
|
|
|
name: apikazNet
|
|
|
|
}}
|
|
|
|
|
|
|
|
#### BEGIN ORGA DEF_NET
|
|
|
|
#### END ORGA DEF_NET
|
|
|
|
|
|
|
|
volumes:
|
|
|
|
letsencrypt:
|