Guillaume "B.B." Van Hemmen
2f3caa4b5c
Added a `docker-compose.yml` to set up Traefik as a standalone reverse proxy with Docker Compose. Updated `README.md` for installation and usage instructions, and added `.gitignore`, `LICENSE`, and `.env.dist` files for environment configuration and licensing.
53 lines
2.5 KiB
YAML
53 lines
2.5 KiB
YAML
networks:
|
|
network:
|
|
name: traefik_network
|
|
|
|
services:
|
|
|
|
reverse-proxy:
|
|
image: traefik:v3.1 # The official Traefik docker image
|
|
command:
|
|
- '--api=true'
|
|
- '--api.dashboard=false'
|
|
- '--api.insecure=false'
|
|
- '--global.sendAnonymousUsage=false'
|
|
- '--global.checkNewVersion=false'
|
|
- '--log=true'
|
|
- '--log.level=WARN'
|
|
- '--providers.docker=true' # Enabling docker provider
|
|
- '--providers.docker.exposedbydefault=false' # Do not expose containers unless explicitly told so
|
|
- '--entrypoints.web.address=:80' # Traefik will listen to incoming request on the port 80 (HTTP)
|
|
- '--entrypoints.web.http.redirections.entrypoint.to=websecure'
|
|
- '--entrypoints.web.http.redirections.entrypoint.scheme=https'
|
|
## Please see the Forwarded Header Trust section of the Authelia Traefik Integration documentation.
|
|
- '--entryPoints.web.forwardedHeaders.trustedips=${TRUSTED_IPS:-}'
|
|
- '--entryPoints.web.proxyProtocol.trustedips=${TRUSTED_IPS:-}'
|
|
- '--entryPoints.web.forwardedHeaders.insecure=false'
|
|
- '--entryPoints.web.proxyProtocol.insecure=false'
|
|
- '--entrypoints.websecure.address=:443' # Traefik will listen to incoming request on the port 443 (HTTPS)
|
|
## Please see the Forwarded Header Trust section of the Authelia Traefik Integration documentation.
|
|
- '--entryPoints.websecure.forwardedHeaders.trustedips=${TRUSTED_IPS:-}'
|
|
- '--entryPoints.websecure.proxyProtocol.trustedips=${TRUSTED_IPS:-}'
|
|
- '--entryPoints.websecure.forwardedHeaders.insecure=false'
|
|
- '--entryPoints.websecure.proxyProtocol.insecure=false'
|
|
- '--certificatesresolvers.myresolver.acme.httpchallenge=true' # Enable a http challenge named 'myresolver'
|
|
- '--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web' # Tell it to use our predefined entrypoint named 'web'
|
|
- '--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}' # The email to provide to let's encrypt
|
|
- '--certificatesresolvers.myresolver.acme.storage=/acme.json' # Tell to store the certificate on a path under our volume
|
|
networks:
|
|
- network
|
|
ports:
|
|
- target: 80
|
|
published: 80
|
|
mode: host
|
|
- target: 443
|
|
published: 443
|
|
mode: host
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
|
|
- ../acme.json:/acme.json
|
|
deploy:
|
|
replicas: 1
|
|
restart_policy:
|
|
condition: any
|
|
delay: 5s
|