docker-deploy/traefik/docker-compose.yml


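---
# Traefik v2 edge proxy for esin.io / *.esin.io.
# It terminates TLS with a Let's Encrypt wildcard certificate (DNS-01 through
# Linode), discovers backends via the Docker and file providers, and serves
# its own dashboard behind basic auth.
#
# Interpolated variables: DOCKER_NETWORK, ACME_EMAIL, LINODE_TOKEN, AUTH_USER,
# AUTH_PASS. The three secret-bearing ones use the ${VAR:?msg} form so Compose
# aborts instead of deploying with an empty token or an empty credential pair.
version: "3.9"

services:
  reverse-proxy:
    # Floating minor tag: the image content can change between pulls.
    # Pin a specific patch release or digest for reproducible deploys, and
    # check that this release line still receives security fixes.
    image: traefik:v2.5
    restart: always
    # Hardening added in review: processes in the container cannot gain
    # extra privileges through setuid/setgid binaries.
    security_opt:
      - "no-new-privileges:true"
    command:
      - "--global.sendanonymoususage=false"
      - "--global.checknewversion=false"
      # EntryPoints
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Global HTTP -> HTTPS redirect
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Default TLS configuration for every router on websecure
      - "--entrypoints.websecure.http.tls.certresolver=letsencrypt"
      - "--entrypoints.websecure.http.tls.domains[0].main=esin.io"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.esin.io"
      # Dashboard: api.insecure is not set, so the dashboard is only served
      # through the `dashboard` router declared in the labels below.
      - "--api.dashboard=true"
      # Health endpoint. No ping entryPoint is set here, and no port other
      # than 80/443 is published by this service.
      - "--ping"
      # Docker provider. exposedByDefault=false means a container is routed
      # only when it opts in with traefik.enable=true.
      - "--providers.docker.network=${DOCKER_NETWORK}"
      - "--providers.docker.watch=true"
      - "--providers.docker.exposedByDefault=false"
      # File provider.
      # NOTE(review): no volume in this file mounts /etc/traefik, so the
      # provider only sees what the image itself has there; confirm intent.
      - "--providers.file.watch=true"
      - "--providers.file.directory=/etc/traefik"
      # ACME / Let's Encrypt. A wildcard certificate requires the DNS-01
      # challenge, which is why the HTTP-01 line below stays disabled.
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=linode"
      - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/acme/acme.json"
      # - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      # Logging. Traefik does not rotate these files itself, so rotate them on
      # the host. bufferingsize=100 keeps up to 100 access-log lines in
      # memory before writing; an abrupt stop can lose them.
      - "--log.filePath=/var/log/traefik.log"
      - "--log.format=json"
      - "--log.level=INFO"
      - "--accessLog.filepath=/var/log/access.log"
      - "--accessLog.format=json"
      - "--accessLog.bufferingsize=100"
    ports:
      - "80:80"
      - "443:443"
    environment:
      - "TZ=Asia/Shanghai"
      # DNS API token used for the DNS-01 challenge. Environment values are
      # readable via `docker inspect`; scope the token to DNS only if the
      # provider allows it.
      - "LINODE_TOKEN=${LINODE_TOKEN:?LINODE_TOKEN must be set}"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.esin.io`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.tls.domains[0].main=esin.io"
      - "traefik.http.routers.dashboard.tls.domains[0].sans=*.esin.io"
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
      # NOTE(review): the `dashboard` compress middleware is declared below,
      # but the router's middleware list above names only `dashboard-auth`,
      # so compression is not applied to this router as written.
      - "traefik.http.middlewares.dashboard.compress=true"
      - "traefik.http.middlewares.dashboard.compress.excludedcontenttypes=text/event-stream"
      # AUTH_PASS must be an htpasswd-style hash (bcrypt, MD5 or SHA1), not
      # a plaintext password. Labels are readable via `docker inspect`;
      # basicauth.usersfile keeps the hash out of container metadata.
      - "traefik.http.middlewares.dashboard-auth.basicauth.users=${AUTH_USER:?AUTH_USER must be set}:${AUTH_PASS:?AUTH_PASS must be set}"
    volumes:
      # The :ro flag only makes the bind mount read-only. Requests sent over
      # the socket are not filtered, so this internet-facing container still
      # holds full Docker API access. A filtering socket proxy that exposes
      # only the read endpoints Traefik needs reduces that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Must exist as a regular file with mode 600 before first start;
      # it stores the ACME account key and certificate private keys.
      - "./acme.json:/etc/acme/acme.json"
      - "./log:/var/log"
    networks:
      - traefik

networks:
  traefik:
    external: true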