-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose-traefik.yml
60 lines (57 loc) · 2.07 KB
/
docker-compose-traefik.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
version: "3.9"
services:
traefik:
image: traefik:2.10
deploy:
labels:
- "traefik.enable=true"
# Routers
## HTTP
- "traefik.http.routers.dashboard.rule=Host(`traefik.CHANGEME.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "traefik.http.routers.dashboard.entrypoints=web"
- "traefik.http.routers.dashboard.middlewares=traefik-redirect"
## HTTPS
- "traefik.http.routers.dashboard-secure.rule=Host(`traefik.CHANGEME.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "traefik.http.routers.dashboard-secure.service=api@internal"
- "traefik.http.routers.dashboard-secure.entrypoints=websecure"
- "traefik.http.routers.dashboard-secure.tls.certresolver=awsresolver"
- "traefik.http.routers.dashboard-secure.middlewares=auth"
# Services
- "traefik.http.services.dashboard-secure.loadbalancer.server.port=8080"
- "traefik.docker.network=frontend"
# Middlewares
## Redirect
- "traefik.http.middlewares.traefik-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.traefik-redirect.redirectscheme.permanent=true"
## BasicAuth
- "traefik.http.middlewares.auth.basicauth.users=CHANGE_WITH:CHANGE_WITH_HASHED"
placement:
constraints:
- node.role==manager
ports:
- 80:80
- 443:443
# - 8080:8080
environment:
- AWS_SHARED_CREDENTIALS_FILE=/run/secrets/aws_shared_credentials
secrets:
- aws_shared_credentials
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml
- traefik_cert:/letsencrypt
networks:
- frontend
secrets:
aws_shared_credentials:
file: ./secrets/aws_shared_credentials.secret
networks:
frontend:
external: true
volumes:
traefik_cert:
driver: local
driver_opts:
type: nfs
o: addr=CHANGE_WITH_YOUR_EFS_IP_OR_DNS,rw,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
device: ":/CERT_LOCATION_DIR"