-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathtraefik2.yml
114 lines (107 loc) · 5.01 KB
/
traefik2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
version: "3.7"
# NETWORKS
networks:
home_net:
external: true
services:
# Traefik 2 - Reverse Proxy
traefik:
container_name: traefik
image: traefik:v2.4.8
restart: unless-stopped
command: # CLI arguments
- --global.checkNewVersion=false
- --global.sendAnonymousUsage=true
- --entryPoints.http.address=:80
- --entryPoints.https.address=:443
- --entryPoints.traefik.address=:8080
- --entrypoints.wireguard.address=:51820/udp
- --api=true
# - --api.insecure=true
# - --serversTransport.insecureSkipVerify=true
- --log=true
- --log.level=error #(Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- --accessLog=true
- --accessLog.filePath=/traefik.log
- --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
- --accessLog.filters.statusCodes=400-499
- --providers.docker=true
- --providers.docker.endpoint=unix:///var/run/docker.sock
- --providers.docker.defaultrule=HostHeader(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
- --providers.docker.exposedByDefault=false
- --providers.docker.network=home_net
- --providers.docker.swarmMode=false
- --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
# - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
- --providers.file.watch=true # Only works on top level files in the rules folder
# Lets encrypt certs cofig
- --entrypoints.https.http.tls.certresolver=dns-dynu
- --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME
- --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME
- --entrypoints.https.http.tls.domains[1].main=$2ND_DOMAIN # Pulls Main cert for second domain
- --entrypoints.https.http.tls.domains[1].sans=*.$2ND_DOMAIN # Pulls wildcard cert for second domain
# - --certificatesResolvers.dns-dynu.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
- --certificatesResolvers.dns-dynu.acme.email=$DYNU_EMAIL
- --certificatesResolvers.dns-dynu.acme.storage=/acme.json
- --certificatesResolvers.dns-dynu.acme.dnsChallenge.provider=dynu
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
networks:
home_net:
ipv4_address: 192.168.0.60 # You can specify a static IP
security_opt:
- no-new-privileges:true
ports:
- 80:80
- 443:443
- 8080:8080
- 51820:51820/udp
environment:
- DYNU_EMAIL=$DYNU_EMAIL
- DYNU_API_KEY=$DYNU_API_KEY
- DYNU_TTL=60
- DYNU_PROPAGATION_TIMEOUT=340
volumes:
- $USERDIR/traefik2/rules:/rules
- /var/run/docker.sock:/var/run/docker.sock:ro
- $USERDIR/traefik2/acme/acme.json:/acme.json
- $USERDIR/traefik2/traefik.log:/traefik.log
- $USERDIR/shared:/shared
labels:
- "traefik.enable=true"
# HTTP-to-HTTPS Redirect
- "traefik.http.routers.http-catchall.entrypoints=http"
- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# HTTP Routers
- "traefik.http.routers.traefik-rtr.entrypoints=https"
- "traefik.http.routers.traefik-rtr.rule=HostHeader(`dashboard.$DOMAINNAME`)"
- "traefik.http.routers.traefik-rtr.tls=true"
## Services - API
- "traefik.http.routers.traefik-rtr.service=api@internal"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
## Middlewares
#- "traefik.http.routers.traefik-rtr.middlewares=middlewares-basic-auth@file"
- "traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file"
# Traefik - Custom Error Pages
traefik-error-pages:
container_name: traefik-error-pages
image: guillaumebriday/traefik-custom-error-pages
restart: unless-stopped
networks:
home_net:
ipv4_address: 192.168.0.85 # You can specify a static IP
labels:
- "traefik.enable=true"
# HTTP Routers
- "traefik.http.routers.traefik-error-pages-rtr.entrypoints=https"
- "traefik.http.routers.traefik-error-pages-rtr.rule=HostRegexp(`{host:.+}`)"
- "traefik.http.routers.traefik-error-pages-rtr.priority=1"
# Middlewares
- "traefik.http.routers.traefik-error-pages-rtr.middlewares=traefik-error-pages"
- "traefik.http.middlewares.traefik-error-pages.errors.service=traefik-error-pages-svc"
- "traefik.http.middlewares.traefik-error-pages.errors.status=401,403,404,429,500,502,503"
- "traefik.http.middlewares.traefik-error-pages.errors.query=/{status}.html"
# HTTP Services
- "traefik.http.routers.traefik-error-pages-rtr.service=traefik-error-pages-svc"
- "traefik.http.services.traefik-error-pages-svc.loadbalancer.server.port=80"