KazV2/dockers/traefik/docker-compose.tmpl.yml.dist
2024-06-03 18:43:35 +02:00

220 lines
4.5 KiB
Plaintext

version: '3'
services:
reverse-proxy:
# The official v2 Traefik docker image
image: traefik:v2.10.7
container_name: ${traefikServName}
restart: ${restartPolicy}
# Enables the web UI and tells Traefik to listen to docker
ports:
# The HTTP port
- ${MAIN_IP}:80:80
- ${MAIN_IP}:443:443
# The Web UI (enabled by --api.insecure=true)
# - ${MAIN_IP}:8289:8289
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./conf:/etc/traefik/
- letsencrypt:/letsencrypt
environment:
- TRAEFIK_PROVIDERS_DOCKER=true
- TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
- TRAEFIK_API=true
- TRAEFIK_PROVIDERS_FILE_DIRECTORY=/etc/traefik/dynamic
- TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80
- TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=websecure
- TRAEFIK_ENTRYPOINTS_websecure_ADDRESS=:443
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_CERTRESOLVER=letsencrypt
#- TRAEFIK_ENTRYPOINTS_metrics_ADDRESS=:8289
#- TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT=metrics
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_TLSCHALLENGE=true
- TRAEFIK_LOG_LEVEL=DEBUG
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file
#- LEGO_CA_CERTIFICATES=/etc/traefik/root_ca.crt
#- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_HTTPCHALLENGE=true
#- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_HTTPCHALLENGE_ENTRYPOINT=web
- TRAEFIK_API_DASHBOARD=true
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`) && PathPrefix(`/api`, `/dashboard`)"
- "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`)"
- "traefik.http.routers.traefik_https.entrypoints=websecure"
# - "traefik.http.routers.traefik_https.tls=true"
- "traefik.http.routers.traefik_https.service=api@internal"
- "traefik.http.routers.traefik_https.middlewares=test-adminipwhitelist@file,traefik-auth"
# - "traefik.http.routers.traefik_https.tls.certresolver=letsencrypt"
- "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/etc/traefik/passfile"
networks:
- traefikNet
{{web
- webNet
}}
{{jirafeau
- jirafeauNet
}}
{{ethercalc
- ethercalcNet
}}
{{etherpad
- etherpadNet
}}
{{framadate
- framadateNet
}}
{{ldap
- ldapNet
}}
{{mobilizon
- mobilizonNet
}}
{{cloud
- cloudNet
}}
{{collabora
- collaboraNet
}}
{{paheko
- pahekoNet
}}
{{mattermost
- mattermostNet
}}
{{roundcube
- roundcubeNet
}}
{{gitea
- giteaNet
}}
{{dokuwiki
- dokuwikiNet
}}
{{postfix
- postfixNet
}}
{{vaultwarden
- vaultwardenNet
}}
{{imapsync
- imapsyncNet
}}
{{castopod
- castopodNet
}}
{{apikaz
- apikazNet
}}
#### BEGIN ORGA USE_NET
#### END ORGA USE_NET
networks:
traefikNet:
external: true
name: traefikNet
{{web
webNet:
external: true
name: webNet
}}
{{jirafeau
jirafeauNet:
external: true
name: jirafeauNet
}}
{{ethercalc
ethercalcNet:
external: true
name: ethercalcNet
}}
{{etherpad
etherpadNet:
external: true
name: etherpadNet
}}
{{framadate
framadateNet:
external: true
name: framadateNet
}}
{{ldap
ldapNet:
external: true
name: ldapNet
}}
{{mobilizon
mobilizonNet:
external: true
name: mobilizonNet
}}
{{cloud
cloudNet:
external: true
name: cloudNet
}}
{{collabora
collaboraNet:
external: true
name: collaboraNet
}}
{{paheko
pahekoNet:
external: true
name: pahekoNet
}}
{{mattermost
mattermostNet:
external: true
name: mattermostNet
}}
{{roundcube
roundcubeNet:
external: true
name: roundcubeNet
}}
{{gitea
giteaNet:
external: true
name: giteaNet
}}
{{dokuwiki
dokuwikiNet:
external: true
name: dokuwikiNet
}}
{{postfix
postfixNet:
external: true
name: postfixNet
}}
{{vaultwarden
vaultwardenNet:
external: true
name: vaultwardenNet
}}
{{imapsync
imapsyncNet:
external: true
name: imapsyncNet
}}
{{castopod
castopodNet:
external: true
name: castopodNet
}}
{{api
apikazNet:
external: true
name: apikazNet
}}
#### BEGIN ORGA DEF_NET
#### END ORGA DEF_NET
volumes:
letsencrypt: