homeserver/docker-compose/traefik/docker-compose.yml.j2
Renovate Bot ed10c86ca1 chore(deps): pin dependencies (#738)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| nextcloud | pinDigest |  -> `0d231d5` |
| registry.mgrote.net/httpd | pinDigest |  -> `4e99b75` |
| [traefik](https://github.com/containous/traefik) | pinDigest |  -> `81a73de` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNjguMiIsInVwZGF0ZWRJblZlciI6IjM3LjE2OC4yIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->

Reviewed-on: #738
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-02-06 18:55:03 +01:00

66 lines
2 KiB
Django/Jinja

version: '3'
services:
######## traefik ########
traefik:
container_name: traefik
image: "traefik:v3.0@sha256:81a73de0d19b6d61eb1f1e413d48835fe3c412f5ed3d9750dc3dab5c93519445"
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml
- ./file-provider.yml:/etc/traefik/file-provider.yml
- acme_data:/etc/traefik/acme
networks:
- traefik
ports:
- "80:80" # HTTP
- "8081:8080" # Web-GUI
- "443:443" # HTTPS
- "2222:2222" # SSH
environment:
TZ: Europe/Berlin
labels:
com.centurylinklabs.watchtower.enable: true
healthcheck:
test: ["CMD", "traefik", "healthcheck", "--ping"]
interval: 30s
timeout: 10s
retries: 3
######## nforwardauth ########
nforwardauth:
restart: always
image: "nosduco/nforwardauth:v1.4.0@sha256:16e38db002d27758bdc53c70ba12113d84158c758efe930c97c6e9e2bf612a5d"
container_name: traefik-nforwardauth
environment:
TOKEN_SECRET: "{{ lookup('keepass', 'nforwardauth_token_secret', 'password') }}"
AUTH_HOST: auth.mgrote.net
labels:
traefik.enable: true
traefik.http.routers.nforwardauth.rule: Host(`auth.mgrote.net`)
traefik.http.middlewares.nforwardauth.forwardauth.address: http://nforwardauth:3000
traefik.http.services.nforwardauth.loadbalancer.server.port: 3000
traefik.http.routers.nforwardauth.tls: true
traefik.http.routers.nforwardauth.tls.certresolver: resolver_letsencrypt
traefik.http.routers.nforwardauth.entrypoints: entry_https
com.centurylinklabs.watchtower.depends-on: traefik
com.centurylinklabs.watchtower.enable: true
volumes:
- "./passwd:/passwd:ro" # Mount local passwd file at /passwd as read only
networks:
- traefik
######## Networks ########
networks:
traefik:
external: true
######## Volumes ########
volumes:
acme_data:
# passwd
# echo "<user>:$(mkpasswd -m sha-512 <password>)"