# Compose file format marker; Compose v2 treats this key as informational only.
version: "3"

services:
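######## traefik ########
  # Reverse proxy; publishes the HTTP, HTTPS, SSH and web-GUI ports on the host.
  traefik:
    container_name: "traefik"
    # Floating minor tag; together with the watchtower label below the image
    # is replaced automatically. Pin a digest if updates must be reviewed first.
    image: "traefik:2.9"
    restart: always
    volumes:
      # ":ro" only protects the socket file itself. The Docker API reachable
      # through it stays fully usable, so this internet-facing container can
      # control the host's Docker daemon. A filtering socket proxy that only
      # allows read endpoints narrows that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik only reads its configuration, so mount both files read-only;
      # the container then cannot rewrite the config files on the host.
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./file-provider.yml:/etc/traefik/file-provider.yml:ro
      # ACME storage; presumably holds certificate key material, so it must
      # stay writable and should not be shared with other containers.
      - acme_data:/etc/traefik/acme
    networks:
      - traefik
    ports:
      - "80:80"  # HTTP
      # Published on every host interface.
      # NOTE(review): if traefik.yml (not shown here) enables api.insecure,
      # the web GUI/API is reachable without authentication; consider binding
      # to 127.0.0.1 or a management address, or serving it through a router
      # protected by the auth middleware.
      - "8081:8080"  # Web-GUI
      - "443:443"  # HTTPS
      - "2222:2222"  # SSH
    environment:
      TZ: "Europe/Berlin"
    labels:
      # Label values are strings; quoting avoids implicit YAML boolean typing.
      com.centurylinklabs.watchtower.enable: "true"
      # Shared middlewares are defined here and combined into a chain.
      # CAUTION: the order inside chains / of middlewares matters.
      # Structure: traefik.http.middlewares.<NAME>.chain.middlewares: middleware1,middleware2,middleware3
      # The chain can then be referenced directly:
      # Example: XXXXX
      # When using nforwardauth:
      # Example: YYYYY

      # Middleware default
      # contains rate limiting, error pages and ZZZ?
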
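######## error-pages ########
  # https://github.com/tarampampam/error-pages/wiki/Traefik-(docker-compose)
  # Serves the error pages used by the "errors" middleware and acts as the
  # low-priority catch-all router for hosts no other router matches.
  error-pages:
    container_name: "traefik-error-pages"
    # Floating major tag, auto-updated by watchtower (see labels).
    image: "tarampampam/error-pages:2"
    restart: always
    environment:
      TEMPLATE_NAME: "ghost"
    labels:
      # Label values are strings; quoting keeps "true", "10" and "8080" from
      # being typed as booleans/integers by the YAML parser.
      com.centurylinklabs.watchtower.depends-on: "traefik"
      com.centurylinklabs.watchtower.enable: "true"

      traefik.enable: "true"
      # use as "fallback" for any NON-registered services (with priority below normal)
      traefik.http.routers.error-pages-router.rule: 'HostRegexp(`{host:.+}`)'
      traefik.http.routers.error-pages-router.priority: "10"
      # should say that all of your services work on https
      # NOTE(review): no tls label is set on this router; presumably TLS is
      # enabled on the entry_https entrypoint in traefik.yml - confirm.
      traefik.http.routers.error-pages-router.entrypoints: "entry_https"
      traefik.http.routers.error-pages-router.middlewares: "error-pages-middleware"
      # "errors" middleware settings
      traefik.http.middlewares.error-pages-middleware.errors.status: "400-599"
      traefik.http.middlewares.error-pages-middleware.errors.service: "error-pages-service"
      traefik.http.middlewares.error-pages-middleware.errors.query: "/{status}.html"
      # define service properties
      traefik.http.services.error-pages-service.loadbalancer.server.port: "8080"
    depends_on:
      - traefik
    networks:
      - traefik
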
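######## nforwardauth ########
  # https://github.com/NOSDuco/nforwardauth
  # Forward-auth service behind the "nforwardauth" Traefik middleware; its
  # login page is routed at auth.mgrote.net.
  nforwardauth:
    container_name: "traefik-nforwardauth"
    # NOTE(review): floating "v1" tag plus the watchtower label below means
    # the authentication component is replaced automatically; pin a digest if
    # updates to it must be reviewed first.
    image: "nosduco/nforwardauth:v1"
    restart: always
    depends_on:
      - traefik
    networks:
      - traefik
    volumes:
      - ./passwd:/passwd:ro  # Mount local passwd file at /passwd as read-only
    environment:
      # Secret to use when signing auth token.
      # Quoted so that a value containing YAML indicators (" #", ": ", a
      # leading "*" or "&") is not truncated or re-typed when the rendered
      # file is parsed. A double quote or backslash in the value would still
      # need escaping, and a "$" is subject to Compose variable interpolation.
      # NOTE(review): the rendered file holds this secret in clear text; the
      # task that writes it (not shown) should restrict the file mode.
      TOKEN_SECRET: "{{ lookup('keepass', 'traefik-nforwardauth-token-secret', 'password') }}"
      AUTH_HOST: "auth.mgrote.net"
      # COOKIE_DOMAIN: mgrote.net # Set domain for the cookies. This value will allow cookie and auth on *.yourdomain.com (including base domain)
      PORT: "3000"  # Set specific port to listen on
    labels:
      # Label values are strings; quoting avoids implicit YAML typing.
      com.centurylinklabs.watchtower.depends-on: "traefik"
      com.centurylinklabs.watchtower.enable: "true"

      traefik.enable: "true"
      traefik.http.routers.nforwardauth.rule: 'Host(`auth.mgrote.net`)'

      # Plain HTTP is used only between containers on the "traefik" network.
      traefik.http.middlewares.nforwardauth.forwardauth.address: "http://nforwardauth:3000"

      traefik.http.services.nforwardauth.loadbalancer.server.port: "3000"
      traefik.http.routers.nforwardauth.tls: "true"
      traefik.http.routers.nforwardauth.tls.certresolver: "resolver_letsencrypt"
      traefik.http.routers.nforwardauth.entrypoints: "entry_https"

      # NOTE(review): no middleware (for example rate limiting) is attached to
      # the login router in this file; the only candidate is commented out.
      # traefik.http.routers.nforwardauth.middlewares: error-pages-middleware
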
######## Networks ########
# The "traefik" network is declared external: it is not created by this file
# and has to exist before the stack is started.
networks:
  traefik:
    external: true

######## Volumes ########
# Named volume mounted by the traefik service at /etc/traefik/acme.
volumes:
  acme_data: {}