40 lines
1.6 KiB
YAML
40 lines
1.6 KiB
YAML
version: '3'
|
|
|
|
services:
|
|
traefik:
|
|
container_name: traefik
|
|
image: traefik:v2.2.1
|
|
command:
|
|
- --providers.docker=true
|
|
- --providers.docker.exposedbydefault=false
|
|
- --api.insecure # Don't do that in production
|
|
- --entrypoints.web.address=:80
|
|
- --entrypoints.websecure.address=:443
|
|
- --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
|
|
- --certificatesresolvers.letsencrypt.acme.storage=/acme.json
|
|
- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.services.traefik.loadbalancer.server.port=80
|
|
# global redirect to https
|
|
- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
|
|
- traefik.http.routers.http-catchall.entrypoints=web
|
|
- traefik.http.routers.http-catchall.middlewares=redirect-to-https
|
|
# middleware redirect
|
|
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
|
|
- traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true
|
|
# Global wildcard certificates
|
|
- traefik.http.routers.wildcard-certs.tls.certresolver=letsencrypt
|
|
- traefik.http.routers.wildcard-certs.entrypoints=web
|
|
- traefik.http.routers.wildcard-certs.tls.domains[0].main=${DOMAIN}
|
|
- traefik.http.routers.wildcard-certs.tls.domains[0].sans=*.${DOMAIN}
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
- 8080:8080
|
|
networks:
|
|
- srv
|
|
restart: unless-stopped
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- ./acme.json:/acme.json
|