services: reverse-proxy: image: traefik:v3.1.2 container_name: ${traefikServName} restart: ${restartPolicy} # Enables the web UI and tells Traefik to listen to docker ports: - ${MAIN_IP}:80:80 - ${MAIN_IP}:443:443 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ./conf:/etc/traefik/ - letsencrypt:/letsencrypt environment: - TRAEFIK_PROVIDERS_DOCKER=true - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false - TRAEFIK_API=true - TRAEFIK_PROVIDERS_FILE_DIRECTORY=/etc/traefik - TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80 - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=websecure - TRAEFIK_ENTRYPOINTS_websecure_ADDRESS=:443 - TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_CERTRESOLVER=letsencrypt - TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipwhitelist@file - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain} - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server} - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_TLSCHALLENGE=true - TRAEFIK_LOG_LEVEL=INFO - TRAEFIK_API_DASHBOARD=true #pour la migration vers traefik3 - TRAEFIK_CORE_DEFAULTRULESYNTAX=v3 labels: - "traefik.enable=true" - "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`) && PathPrefix(`/api`, `/dashboard`)" - "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`)" - "traefik.http.routers.traefik_https.entrypoints=websecure" - "traefik.http.routers.traefik_https.service=api@internal" - "traefik.http.routers.traefik_https.middlewares=test-adminipwhitelist@file,traefik-auth" - "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/etc/traefik/passfile" networks: - traefikNet {{web - webNet }} {{jirafeau - jirafeauNet }} {{ethercalc - ethercalcNet }} {{etherpad - etherpadNet }} {{framadate - framadateNet }} {{ldap - ldapNet }} {{mobilizon - mobilizonNet }} {{cloud - cloudNet }} {{collabora - collaboraNet }} {{paheko - pahekoNet }} {{mattermost - mattermostNet }} {{roundcube - roundcubeNet }} {{gitea - giteaNet }} {{dokuwiki - dokuwikiNet }} {{postfix - postfixNet }} {{vaultwarden - vaultwardenNet }} {{imapsync - imapsyncNet }} {{castopod - castopodNet }} {{apikaz - apikazNet }} #### BEGIN ORGA USE_NET #### END ORGA USE_NET networks: traefikNet: external: true name: traefikNet {{web webNet: external: true name: webNet }} {{jirafeau jirafeauNet: external: true name: jirafeauNet }} {{ethercalc ethercalcNet: external: true name: ethercalcNet }} {{etherpad etherpadNet: external: true name: etherpadNet }} {{framadate framadateNet: external: true name: framadateNet }} {{ldap ldapNet: external: true name: ldapNet }} {{mobilizon mobilizonNet: external: true name: mobilizonNet }} {{cloud cloudNet: external: true name: cloudNet }} {{collabora collaboraNet: external: true name: collaboraNet }} {{paheko pahekoNet: external: true name: pahekoNet }} {{mattermost mattermostNet: external: true name: mattermostNet }} {{roundcube roundcubeNet: external: true name: roundcubeNet }} {{gitea giteaNet: external: true name: giteaNet }} {{dokuwiki dokuwikiNet: external: true name: dokuwikiNet }} {{postfix postfixNet: external: true name: postfixNet }} {{vaultwarden vaultwardenNet: external: true name: vaultwardenNet }} {{imapsync imapsyncNet: external: true name: imapsyncNet }} {{castopod castopodNet: external: true name: castopodNet }} {{api apikazNet: external: true name: apikazNet }} #### BEGIN ORGA DEF_NET #### END ORGA DEF_NET volumes: letsencrypt: