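# Swarm stack: Traefik 1.7 reverse proxy with ACME (Let's Encrypt) certificates.
# Indentation is reconstructed from the key order; the stack is meant for
# `docker stack deploy` (deploy: section, --docker.swarmmode=true).
version: '3.3'

services:
  reverse-proxy:
    # Floating tag on the Traefik 1.x line, which upstream no longer maintains.
    # Pin to an image digest and plan the move to a supported major version.
    image: traefik:1.7
    command:
      - --defaultentrypoints=https,http
      # API + dashboard are enabled without any authentication option here.
      # The "traefik" entry point is not declared below; presumably it is the
      # built-in default on :8080 that the port mapping and traefik.port label
      # target. It is published on ${ADMINPORT} (see ports) and routed via
      # Host:traefik.lan (see labels), so put authentication or a network
      # restriction in front of it.
      - --api
      - --api.entryPoint=traefik
      - --api.dashboard=true
      - --debug=false
      # Public pair (1380/13443): plain HTTP redirects to HTTPS.
      # TLS 1.2 minimum, ECDHE-RSA AEAD suites only, so certificates need RSA keys.
      - '--entryPoints=Name:http Address::1380 Compress:true Redirect.EntryPoint:https'
      - '--entryPoints=Name:https Address::13443 TLS Compress:true TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
      # Local pair (80/443), same TLS policy; used by the dashboard frontend.
      - '--entryPoints=Name:localhttp Address::80 Compress:true Redirect.EntryPoint:localhttps'
      - '--entryPoints=Name:localhttps Address::443 TLS Compress:true TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
      # Fix: this flag was fused onto the end of the localhttps item above,
      # where it is read as part of that entry point's value instead of as a
      # flag of its own.
      - --logLevel=INFO
      - --accessLog.format=json
      - --docker
      - --docker.endpoint=unix:///var/run/docker.sock
      - --docker.domain=${DOCKER_DOMAIN}
      - --docker.swarmmode=true
      - --docker.watch=true
      # Services are only routed when they opt in with traefik.enable=true.
      - --docker.exposedbydefault=false
      - --acme.email=${ACME_EMAIL}
      # acme.json holds the ACME account key and certificate private keys;
      # treat the acmeData volume as secret material.
      - --acme.storage=/acme/acme.json
      - --acme.entryPoint=https
      - --acme.onHostRule=true
      # NOTE(review): the HTTP-01 challenge must arrive on port 80 from the
      # outside, so ${PUBLICHTTPPORT} has to be 80 or forwarded from it - confirm.
      - --acme.httpChallenge.entryPoint=http
    ports:
      # mode: host binds directly on each node running the task and bypasses
      # the swarm routing mesh.
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 1380
        published: ${PUBLICHTTPPORT}
        protocol: tcp
        mode: host
      - target: 13443
        published: ${PUBLICHTTPSPORT}
        protocol: tcp
        mode: host
      # Unauthenticated API/dashboard port published on every interface of the
      # node; firewall it or drop this mapping and use the traefik.lan route.
      - target: 8080
        published: ${ADMINPORT}
        protocol: tcp
        mode: host
    volumes:
      # Full Docker API access on a swarm manager is equivalent to root on the
      # cluster, and this container is the internet-facing component. A
      # filtering API proxy that only allows the read-only endpoints Traefik
      # needs limits what a compromise of the proxy can reach.
      - /var/run/docker.sock:/var/run/docker.sock
      - acmeData:/acme
      - tmp:/tmp
      - tlsData:/tls
    networks:
      - traefik-net
      - external
    deploy:
      # One task per manager node. NOTE(review): acmeData is a node-local
      # volume, so each manager keeps its own acme.json - confirm intended.
      mode: global
      placement:
        constraints:
          - node.role == manager
      restart_policy:
        condition: any
        delay: 5s
      # Nesting under deploy is reconstructed: in swarm mode Traefik reads
      # service labels, which compose sets through deploy.labels.
      labels:
        traefik.enable: "true"
        # Routes traefik.lan to the API/dashboard on 8080; no auth label is set.
        traefik.frontend.rule: "Host:traefik.lan"
        traefik.port: "8080"
        traefik.frontend.entryPoints: localhttp,localhttps
        traefik.docker.network: traefik-net
        # HSTS: two years, including subdomains, preload-eligible.
        traefik.frontend.headers.STSSeconds: "63072000"
        traefik.frontend.headers.STSIncludeSubdomains: "true"
        traefik.frontend.headers.STSPreload: "true"

networks:
  # A stack-created network that happens to be named "external"; it is not
  # the `external: true` keyword.
  external:
  # Pre-existing overlay network shared with the proxied services.
  # NOTE(review): `driver` next to `external: true` is redundant at best and
  # rejected by some compose tooling - confirm against the deploy tool in use.
  traefik-net:
    driver: overlay
    external: true

volumes:
  acmeData:
  tlsData:
  tmp:


### Environment variables
# Substituted into this file at deploy time; values listed are the ones
# given by the author.
# ADMINPORT 8080
# PUBLICHTTPPORT 1380
# PUBLICHTTPSPORT 13443
# DOCKER_DOMAIN
# ACME_EMAIL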