homeserver/docker-compose/traefik/docker-compose.yml.j2
mg e87b456e81 traefik: restart: always (#522)
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: #522
2023-05-12 22:03:01 +02:00


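# Compose template (rendered by Ansible/Jinja) for the Traefik reverse proxy,
# its fallback error-page service and the nforwardauth forward-auth service.
# The rendered file contains TOKEN_SECRET in clear text, so it should be
# written with a restrictive file mode on the target host.
version: '3'

services:
  ######## traefik ########
  traefik:
    container_name: "traefik"
    # NOTE(review): all three images use floating tags and carry the
    # watchtower enable label, so new upstream images are pulled and started
    # unattended. Pinning by digest would make updates reviewable.
    image: traefik:2.9
    restart: always
    volumes:
      # NOTE(review): ":ro" only protects the socket file inside the mount;
      # requests sent through the socket are not restricted, so this
      # container can still use the full Docker API. A filtering socket
      # proxy would narrow that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # NOTE(review): the two config files are mounted writable; Traefik
      # presumably only reads them, so ":ro" may be possible here - confirm.
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./file-provider.yml:/etc/traefik/file-provider.yml
      - acme_data:/etc/traefik/acme
    networks:
      - traefik
    ports:
      - "80:80"  # HTTP
      # NOTE(review): published on every host interface. Whether the web GUI
      # and API behind it require authentication is decided in traefik.yml,
      # which is not part of this file - verify, or bind to a loopback or
      # management address.
      - "8081:8080"  # Web-GUI
      - "443:443"  # HTTPS
      - "2222:2222"  # SSH
    environment:
      TZ: Europe/Berlin
    labels:
      # Label values are quoted so every Compose implementation receives
      # strings instead of YAML booleans/integers.
      com.centurylinklabs.watchtower.enable: "true"
      # Shared middlewares are defined here and combined into a chain.
      # CAUTION: the order inside chains / of middlewares matters.
      # Structure: traefik.http.middlewares.<NAME>.chain.middlewares: middleware1,middleware2,middleware3
      # The chain can then be referenced directly:
      # Example: XXXXX
      # When using nforwardauth:
      # Example: YYYYY
      # Middleware default
      # contains rate limiting, error pages and ZZZ?

  ######## error-pages ########
  # https://github.com/tarampampam/error-pages/wiki/Traefik-(docker-compose)
  error-pages:
    container_name: "traefik-error-pages"
    image: tarampampam/error-pages:2
    restart: always
    environment:
      TEMPLATE_NAME: ghost
    labels:
      com.centurylinklabs.watchtower.depends-on: traefik
      com.centurylinklabs.watchtower.enable: "true"
      traefik.enable: "true"
      # use as "fallback" for any NON-registered services (with priority below normal)
      traefik.http.routers.error-pages-router.rule: 'HostRegexp(`{host:.+}`)'
      traefik.http.routers.error-pages-router.priority: "10"
      # should say that all of your services work on https
      # NOTE(review): this router has no tls label; presumably TLS is enabled
      # on the entry_https entrypoint in traefik.yml - confirm.
      traefik.http.routers.error-pages-router.entrypoints: entry_https
      traefik.http.routers.error-pages-router.middlewares: error-pages-middleware
      # "errors" middleware settings
      traefik.http.middlewares.error-pages-middleware.errors.status: "400-599"
      traefik.http.middlewares.error-pages-middleware.errors.service: error-pages-service
      traefik.http.middlewares.error-pages-middleware.errors.query: '/{status}.html'
      # define service properties
      traefik.http.services.error-pages-service.loadbalancer.server.port: "8080"
    depends_on:
      - traefik
    networks:
      - traefik

  ######## nforwardauth ########
  # https://github.com/NOSDuco/nforwardauth
  nforwardauth:
    container_name: "traefik-nforwardauth"
    image: nosduco/nforwardauth:v1
    restart: always
    depends_on:
      - traefik
    networks:
      - traefik
    volumes:
      - ./passwd:/passwd:ro  # Mount local passwd file at /passwd as read only
    environment:
      # Secret to use when signing auth token.
      # to_json renders the value as a double-quoted scalar, so a secret that
      # contains " #", ": ", quotes or a leading YAML indicator is neither
      # truncated nor turned into a parse error. Compose still applies
      # dollar-sign interpolation to the rendered value; a literal dollar
      # sign in the secret has to be doubled.
      TOKEN_SECRET: {{ lookup('keepass', 'traefik-nforwardauth-token-secret', 'password') | to_json }}
      AUTH_HOST: auth.mgrote.net
      # COOKIE_DOMAIN: mgrote.net  # Set domain for the cookies. This value will allow cookie and auth on *.yourdomain.com (including base domain)
      PORT: "3000"  # Set specific port to listen on
    labels:
      com.centurylinklabs.watchtower.depends-on: traefik
      com.centurylinklabs.watchtower.enable: "true"
      traefik.enable: "true"
      traefik.http.routers.nforwardauth.rule: 'Host(`auth.mgrote.net`)'
      traefik.http.middlewares.nforwardauth.forwardauth.address: http://nforwardauth:3000
      traefik.http.services.nforwardauth.loadbalancer.server.port: "3000"
      traefik.http.routers.nforwardauth.tls: "true"
      traefik.http.routers.nforwardauth.tls.certresolver: resolver_letsencrypt
      traefik.http.routers.nforwardauth.entrypoints: entry_https
      # traefik.http.routers.nforwardauth.middlewares: error-pages-middleware

######## Networks ########
networks:
  traefik:
    external: true

######## Volumes ########
volumes:
  acme_data: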