Created
May 4, 2022 04:49
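# Reverse-proxy stack: Traefik terminates TLS on :443 with a wildcard
# Let's Encrypt certificate (DNS-01 via Namecheap), and an nginx container
# serves custom error pages.
# Required variables (Compose aborts if one is unset or empty):
#   D                   - base domain used for the certificate and dashboard host
#   NAMECHEAP_API_USER  - Namecheap API user for the DNS-01 challenge
#   TRAEFIK_BASIC_AUTH  - htpasswd entry protecting the dashboard
networks:
  # Created outside this file; Traefik reaches routed containers over it
  # (see --providers.docker.network below).
  http-entry:
    external: true

secrets:
  # Read from an absolute path on the host and mounted into the containers
  # that list it at /run/secrets/namecheap-api-key. Keep the host file
  # readable only by the account that deploys this stack.
  namecheap-api-key:
    file: /secrets/namecheap-api-key.secret

services:
  traefik:
    # NOTE(review): tags are mutable; for reproducible deploys pin by digest
    # (traefik:2.6@sha256:<DIGEST>) and confirm this minor version still
    # receives security fixes.
    image: traefik:2.6
    restart: always
    logging:
      options:
        max-size: '100m'
    networks:
      - http-entry
    ports:
      - '80:80'
      - '443:443'
    extra_hosts:
      - 'host.docker.internal:host-gateway'
    volumes:
      # ':ro' only protects the socket file itself; it does not restrict the
      # Docker API calls made through it, so this container can control the
      # Docker daemon. NOTE(review): consider a socket proxy that exposes only
      # the read-only endpoints the docker provider needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds acme-dns.json (ACME account key and certificate private keys):
      # keep it out of version control and restrict permissions on the host.
      - ./certificates:/certificates
      # The file provider only reads this directory, so mount it read-only.
      # Anyone who can write to ./sites on the host can add routes, so
      # restrict write access there as well.
      - ./sites:/sites:ro
    command:
      # https://doc.traefik.io/traefik/v2.6/operations/dashboard/
      # The dashboard is enabled but --api.insecure is not set, so it is
      # reachable only through the authenticated router defined in labels.
      - --api.dashboard=true
      # https://doc.traefik.io/traefik/v2.6/observability/logs/
      - --log.format=json
      # NOTE(review): DEBUG is very verbose; consider INFO once the setup
      # works, and treat the log output as sensitive in the meantime.
      - --log.level=DEBUG
      # https://doc.traefik.io/traefik/v2.6/observability/access-logs
      - --accessLog=true
      - --accessLog.format=json
      # https://doc.traefik.io/traefik/v2.6/providers/docker
      - --providers.docker=true
      # network must be specified because containers will have multiple networks attached
      # details: https://github.com/traefik/traefik/issues/1156#issuecomment-287387666
      - --providers.docker.network=http-entry
      # Containers are routed only when they opt in with traefik.enable=true.
      - --providers.docker.exposedByDefault=false
      # https://doc.traefik.io/traefik/v2.6/providers/file
      - --providers.file=true
      - --providers.file.directory=/sites
      - --providers.file.watch=true
      # Port 80 is only to redirect to 443
      # https://doc.traefik.io/traefik/v2.6/routing/entrypoints/#redirection
      - --entryPoints.web80.address=:80
      - --entryPoints.web80.http.redirections.entryPoint.permanent=true
      - --entryPoints.web80.http.redirections.entryPoint.scheme=https
      - --entryPoints.web80.http.redirections.entryPoint.to=web443
      # Port 443 is configured to use default wildcard certificate
      - --entryPoints.web443.address=:443
      - --entryPoints.web443.http.tls=true
      - --entryPoints.web443.http.tls.certResolver=le-dns
      # ':?' makes Compose stop with this message when D is unset or empty,
      # instead of requesting a certificate for an empty domain. The check
      # applies to the whole file, so the other ${D} uses are covered too.
      - '--entrypoints.web443.http.tls.domains[0].main=${D:?D must be set to the base domain}'
      - '--entrypoints.web443.http.tls.domains[0].sans=*.${D},*.dev.${D},*.qa.${D},*.demo.${D}'
      # Applied to every request on web443; the middleware itself is declared
      # through labels on the error-pages service.
      - --entrypoints.web443.http.middlewares=error-502@docker
      # Wildcard certificates can only be verified through a DNS-01 challenge
      # See more: https://doc.traefik.io/traefik/v2.6/https/acme/#dnschallenge
      - --certificatesResolvers.le-dns.acme.email=letsencrypt@aspirity.com
      - --certificatesResolvers.le-dns.acme.storage=/certificates/acme-dns.json
      - --certificatesResolvers.le-dns.acme.dnschallenge=true
      - --certificatesResolvers.le-dns.acme.dnschallenge.provider=namecheap
    secrets:
      - namecheap-api-key
    environment:
      NAMECHEAP_API_USER: '${NAMECHEAP_API_USER:?NAMECHEAP_API_USER must be set}'
      # The API key is read from the mounted secret file rather than being
      # passed as a plain environment value.
      NAMECHEAP_API_KEY_FILE: /run/secrets/namecheap-api-key
    labels:
      traefik.enable: 'true'
      traefik.http.routers.traefik.rule: 'Host(`traefik.${D}`)'
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.entrypoints: web443
      traefik.http.routers.traefik.priority: '9999'
      traefik.http.routers.traefik.middlewares: traefik-auth
      # docker run --entrypoint htpasswd httpd:2 -Bbn <USERNAME> <PASSWORD>
      # NOTE(review): -b puts the password on the command line, where it
      # ends up in shell history; dropping -b (and running with -it) makes
      # htpasswd prompt for it instead.
      # NOTE(review): the bcrypt hash contains '$'. If it is stored in a
      # .env file, single-quote the value there so Compose does not try to
      # expand it - confirm against the Compose version in use.
      # ':?' stops the deploy when the credentials are missing rather than
      # starting the dashboard router with an empty user list.
      traefik.http.middlewares.traefik-auth.basicauth.users: '${TRAEFIK_BASIC_AUTH:?TRAEFIK_BASIC_AUTH must be set}'

  error-pages:
    # NOTE(review): same as above - pin by digest (nginx:1.21@sha256:<DIGEST>)
    # and confirm the version is still supported.
    image: nginx:1.21
    restart: always
    logging:
      options:
        max-size: '100m'
    networks:
      - http-entry
    volumes:
      # Static pages and nginx configuration, all mounted read-only.
      - ./error-pages/pages:/usr/share/nginx/html:ro
      - ./error-pages/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./error-pages/default.conf:/etc/nginx/conf.d/default.conf:ro
    labels:
      traefik.enable: 'true'
      # Catch-all router pinned to priority 1 so it only answers when no
      # higher-priority router matches the request.
      traefik.http.routers.ingres-error-pages.rule: 'PathPrefix(`/`)'
      traefik.http.routers.ingres-error-pages.priority: '1'
      traefik.http.services.ingres-error-pages.loadbalancer.server.port: '80'
      # error-502: on a 502 from a backend, serve /502.html from this
      # container instead of the default error body.
      traefik.http.middlewares.error-502.errors.status: '502'
      traefik.http.middlewares.error-502.errors.service: ingres-error-pages
      traefik.http.middlewares.error-502.errors.query: '/{status}.html'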