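---
# Docker Compose stack: Traefik reverse proxy plus nforwardauth as the
# forward-auth login service.
# This file is an Ansible/Jinja2 template (see TOKEN_SECRET below). The
# rendered copy on the host holds that secret in clear text, so deploy it with
# restrictive ownership and mode.
version: '3'

services:
  ######## traefik ########
  traefik:
    container_name: traefik
    # Pinned by tag and digest: what runs is exactly the image that was
    # reviewed, and an upgrade is an explicit change to this line.
    image: "traefik:v3.0@sha256:81a73de0d19b6d61eb1f1e413d48835fe3c412f5ed3d9750dc3dab5c93519445"
    restart: always
    volumes:
      # ":ro" only protects the socket file itself. Requests sent through the
      # socket are not restricted, so this container can still use the whole
      # Docker API. Consider a filtering socket proxy in front of it.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Traefik only reads its configuration files, so mount them read-only.
      - "./traefik.yml:/etc/traefik/traefik.yml:ro"
      - "./file-provider.yml:/etc/traefik/file-provider.yml:ro"
      # Presumably the ACME storage configured in traefik.yml (certificates
      # and private keys); it has to stay writable.
      - "acme_data:/etc/traefik/acme"
    networks:
      - traefik
    ports:
      - "80:80"      # HTTP
      # Published on every host interface. Whether this port requires
      # authentication is decided in traefik.yml, which is not part of this
      # file: verify it, or restrict the port to a management address.
      - "8081:8080"  # Web-GUI
      - "443:443"    # HTTPS
      - "2222:2222"  # SSH
    environment:
      TZ: Europe/Berlin
    labels:
      # Label values are strings; quoted so the YAML parser does not turn
      # them into booleans.
      com.centurylinklabs.watchtower.enable: "true"
    healthcheck:
      # NOTE(review): needs the ping endpoint enabled in traefik.yml (confirm).
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 30s
      timeout: 10s
      retries: 3

  ######## nforwardauth ########
  nforwardauth:
    restart: always
    image: "nosduco/nforwardauth:v1.4.0@sha256:16e38db002d27758bdc53c70ba12113d84158c758efe930c97c6e9e2bf612a5d"
    container_name: traefik-nforwardauth
    environment:
      # Resolved by Ansible at render time and passed as a plain environment
      # variable, so it is readable by anyone who can inspect the container.
      TOKEN_SECRET: "{{ lookup('keepass', 'nforwardauth_token_secret', 'password') }}"
      AUTH_HOST: auth.mgrote.net
    labels:
      traefik.enable: "true"
      traefik.http.routers.nforwardauth.rule: 'Host(`auth.mgrote.net`)'
      # This only defines the middleware. A service is protected only when
      # its own router lists this middleware.
      traefik.http.middlewares.nforwardauth.forwardauth.address: "http://nforwardauth:3000"
      traefik.http.services.nforwardauth.loadbalancer.server.port: "3000"
      traefik.http.routers.nforwardauth.tls: "true"
      traefik.http.routers.nforwardauth.tls.certresolver: resolver_letsencrypt
      traefik.http.routers.nforwardauth.entrypoints: entry_https
      com.centurylinklabs.watchtower.depends-on: traefik
      com.centurylinklabs.watchtower.enable: "true"
    volumes:
      - "./passwd:/passwd:ro"  # Mount local passwd file at /passwd as read only
    networks:
      - traefik

######## Networks ########
networks:
  traefik:
    external: true

######## Volumes ########
volumes:
  acme_data: {}

# passwd
# One entry per line: user name before the colon, SHA-512 crypt hash after it.
# USERNAME is a placeholder.
#   echo "USERNAME:$(mkpasswd -m sha-512)"
# Without a password argument mkpasswd prompts for the password, which keeps
# it out of the shell history. Keep the passwd file readable only by the
# deploying user.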