# Compose project that runs Traefik v3 as the reverse proxy for this host.
name: traefik

services:
  traefik:
    # The tag is mutable; pin to an image digest if pulls must be reproducible.
    image: traefik:v3.6
    container_name: traefik
    restart: unless-stopped
    # Every variable in .env is injected into the container, not only the one
    # listed under `environment` below. Keep .env out of version control.
    env_file: .env
    security_opt:
      # Stops processes in the container from gaining privileges through
      # setuid/setgid binaries.
      - "no-new-privileges:true"
    networks:
      - traefik_proxy
      - proxy_network
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      # Published on one host address only, not on all interfaces.
      # NOTE(review): what listens on container port 8080 is set in
      # traefik.yml, which is not visible here. If it is the API/dashboard
      # entrypoint (`api.insecure`), requests arriving on this port do not
      # pass through the `dashboard` router or its internal-allowlist
      # middleware - confirm.
      - "10.8.0.1:9850:8080"
    dns:
      - "1.1.1.1"
      - "8.8.8.8"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "./certs:/certs:ro"
      # `:ro` only protects the socket file itself; the Docker API behind it
      # still accepts write calls, so a compromise of this container amounts
      # to control of the Docker daemon. Consider fronting the socket with a
      # filtering proxy that allows only the read endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./config/traefik.yml:/etc/traefik/traefik.yml:ro"
      - "./config/dynamic_conf:/etc/traefik/dynamic_conf:ro"
      # The only writable mount. ACME storage holds account and certificate
      # private keys; keep the host file at mode 600.
      # NOTE(review): the dashboard router no longer names a certresolver; if
      # no other router does either, this mount can be dropped - confirm.
      - "./data/acme.json:/acme.json"
    environment:
      # NOTE(review): nothing in this file consumes this variable - no
      # basicAuth middleware is attached to the dashboard router, so the IP
      # allowlist is the only gate visible here. Presumably it is read from
      # dynamic_conf; verify.
      - "TRAEFIK_DASHBOARD_PASS=${TRAEFIK_DASHBOARD_PASS}"
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.dashboard.rule=Host(`traefik.gravitywell.xyz`)'
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls=true"  # replaces certresolver line
      - "traefik.http.routers.dashboard.middlewares=internal-allowlist"
      # 172.16.0.0/12 and 192.168.0.0/16 include Docker's default bridge
      # address pools, so other containers on this host match the allowlist.
      # NOTE(review): if client connections reach Traefik NATed to a bridge
      # gateway address, outside clients would match as well. Check the
      # source IPs in the access log and narrow the ranges to what is needed.
      - "traefik.http.middlewares.internal-allowlist.ipAllowList.sourcerange=127.0.0.1/32,10.8.0.0/24,192.168.0.0/16,172.16.0.0/12"  # v3: ipAllowList not ipwhitelist
      - "traefik.docker.network=traefik_proxy"
    deploy:
      resources:
        limits:
          cpus: "0.50"
          memory: 512M
        reservations:
          cpus: "0.10"
          memory: 128M

# Both networks are created outside this project; Compose only attaches to
# them.
networks:
  traefik_proxy:
    external: true
  proxy_network:
    external: true