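services:
  # Traefik edge proxy: listens on 80/443, redirects HTTP to HTTPS, obtains
  # certificates through the "letsencrypt" resolver and serves its own
  # dashboard/API behind an IP allow-list plus basic auth (see labels).
  reverse-proxy:
    image: traefik:v3.3.4
    container_name: ${traefikServName}
    restart: ${restartPolicy}
    # Published on the MAIN_IP address only, not on every host interface.
    ports:
      - ${MAIN_IP}:80:80
      - ${MAIN_IP}:443:443
    volumes:
      # Docker API socket for the docker provider. The :ro flag does not
      # restrict API calls made over the socket, so this container can still
      # drive the Docker daemon; a compromise of Traefik is close to a
      # compromise of the host.
      # NOTE(review): consider a filtering socket proxy that only allows the
      # read-only endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # File-provider directory; also holds the basic-auth users file
      # referenced in the labels. Mounted read-write.
      # NOTE(review): confirm whether Traefik needs write access here; if not,
      # a read-only mount would narrow what a compromised proxy can alter.
      - ./conf:/etc/traefik/
      # ACME storage (acme.json), kept in a named volume.
      - letsencrypt:/letsencrypt
    environment:
      # Docker provider: containers are routed only if they opt in with
      # the traefik.enable=true label.
      - TRAEFIK_PROVIDERS_DOCKER=true
      - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
      # API enabled; no insecure-API option is set in this file, so the API is
      # reached through the traefik_https router defined in the labels.
      - TRAEFIK_API=true
      - TRAEFIK_PROVIDERS_FILE_DIRECTORY=/etc/traefik
      # Plain HTTP entry point, redirected to the HTTPS one.
      - TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80
      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=websecure
      - TRAEFIK_ENTRYPOINTS_websecure_ADDRESS=:443
      - TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_CERTRESOLVER=letsencrypt
      # Middlewares applied to every router on websecure. Both come from the
      # file provider and are not defined in this file.
      # NOTE(review): confirm they exist in ./conf and that the "test-"
      # allow-list is the one intended for production.
      - TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipallowlist@file
      # A bare number is read as seconds: 10 minutes to read a request.
      - TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT=600
      # ACME resolver using the TLS-ALPN challenge on port 443.
      - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
      - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
      - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json
      - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_TLSCHALLENGE=true
      - TRAEFIK_LOG_LEVEL=INFO
      - TRAEFIK_API_DASHBOARD=true
      # For the migration to Traefik 3: rules are parsed with the v3 syntax.
      - TRAEFIK_CORE_DEFAULTRULESYNTAX=v3
    labels:
      - "traefik.enable=true"
      # Single rule for the dashboard router. A second label with the same key
      # used to precede this one; duplicate label keys leave only one value in
      # effect (normally the last), and the dropped value passed several paths
      # to one PathPrefix(), which the v3 rule syntax set above does not accept.
      - "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`)"
      - "traefik.http.routers.traefik_https.entrypoints=websecure"
      - "traefik.http.routers.traefik_https.service=api@internal"
      # Dashboard access control: admin IP allow-list (file provider) first,
      # then HTTP basic auth against the users file.
      - "traefik.http.routers.traefik_https.middlewares=test-adminipallowlist@file,traefik-auth"
      # NOTE(review): the users file lives in the bind-mounted ./conf directory;
      # keep its host permissions tight and its entries hashed.
      - "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/etc/traefik/passfile"
      # Permanent redirect of the old webmail host to an information page.
      # The host name is hard-coded here rather than taken from the domain
      # variable used elsewhere in this file.
      - "traefik.http.middlewares.reg-webmails.redirectregex.regex=^https://webmail.kaz.bzh(.*)"
      - "traefik.http.middlewares.reg-webmails.redirectregex.replacement=https://kaz.bzh/relever-ses-mails-chez-kaz-via-un-webmail"
      - "traefik.http.middlewares.reg-webmails.redirectregex.permanent=true"
      - "traefik.http.routers.webmails.middlewares=reg-webmails"
      - "traefik.http.routers.webmails.rule=Host(`webmail.kaz.bzh`)"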

    # Networks the proxy joins. traefikNet is always attached; every other
    # entry sits inside a template section named after a service and is
    # presumably kept only when that service is enabled - confirm against the
    # template tool. Each attached network gives the proxy a direct path to
    # the containers on it, so the list should stay limited to what is routed.
    # NOTE(review): apikazNet is attached under the "apikaz" marker here, but
    # its definition in the top-level networks section is guarded by "api";
    # confirm both markers resolve together.
    networks:
      - traefikNet
{{web
      - webNet
}}
{{jirafeau
      - jirafeauNet
}}
{{ethercalc
      - ethercalcNet
}}
{{etherpad
      - etherpadNet
}}
{{framadate
      - framadateNet
}}
{{ldap
      - ldapNet
}}
{{mobilizon
      - mobilizonNet
}}
{{cloud
      - cloudNet
}}
{{collabora
      - collaboraNet
}}
{{paheko
      - pahekoNet
}}
{{mattermost
      - mattermostNet
}}
{{roundcube
      - roundcubeNet
}}
{{gitea
      - giteaNet
}}
{{dokuwiki
      - dokuwikiNet
}}
{{postfix
      - postfixNet
}}
{{vaultwarden
      - vaultwardenNet
}}
{{imapsync
      - imapsyncNet
}}
{{castopod
      - castopodNet
}}
{{apikaz
      - apikazNet
}}

#### BEGIN ORGA USE_NET
#### END ORGA USE_NET

# Network definitions matching the reverse-proxy service's network list.
# Every network is declared external, so Compose does not create it: each one
# must already exist under the given name before this stack is started.
networks:
  traefikNet:
    external: true
    name: traefikNet
{{web
  webNet:
    external: true
    name: webNet
}}
{{jirafeau
  jirafeauNet:
    external: true
    name: jirafeauNet
}}
{{ethercalc
  ethercalcNet:
    external: true
    name: ethercalcNet
}}
{{etherpad
  etherpadNet:
    external: true
    name: etherpadNet
}}
{{framadate
  framadateNet:
    external: true
    name: framadateNet
}}
{{ldap
  ldapNet:
    external: true
    name: ldapNet
}}
{{mobilizon
  mobilizonNet:
    external: true
    name: mobilizonNet
}}
{{cloud
  cloudNet:
    external: true
    name: cloudNet
}}
{{collabora
  collaboraNet:
    external: true
    name: collaboraNet
}}
{{paheko
  pahekoNet:
    external: true
    name: pahekoNet
}}
{{mattermost
  mattermostNet:
    external: true
    name: mattermostNet
}}
{{roundcube
  roundcubeNet:
    external: true
    name: roundcubeNet
}}
{{gitea
  giteaNet:
    external: true
    name: giteaNet
}}
{{dokuwiki
  dokuwikiNet:
    external: true
    name: dokuwikiNet
}}
{{postfix
  postfixNet:
    external: true
    name: postfixNet
}}
{{vaultwarden
  vaultwardenNet:
    external: true
    name: vaultwardenNet
}}
{{imapsync
  imapsyncNet:
    external: true
    name: imapsyncNet
}}
{{castopod
  castopodNet:
    external: true
    name: castopodNet
}}
# NOTE(review): this section is guarded by the "api" marker, whereas the
# service attaches apikazNet under the "apikaz" marker. If the two markers are
# toggled independently, the service can reference a network that is not
# defined here - confirm which name the template tool expects.
{{api
  apikazNet:
    external: true
    name: apikazNet
}}

#### BEGIN ORGA DEF_NET
#### END ORGA DEF_NET

# Named volume mounted at /letsencrypt in the reverse-proxy service. It holds
# acme.json, i.e. the ACME account key and the issued certificates with their
# private keys, so it should not be shared with other containers.
volumes:
  letsencrypt: