services: traefik: container_name: traefik image: traefik:v3.0.1 restart: always networks: - proxynet env_file: - ./secrets/vars.env command: #tls: #certificates: #- certFile: /secrets/selfsigned/selfsigned.crt #keyFile: /secrets/selfsigned/selfsigned.key - "--providers.file.filename=/traefik/certs.yml" - "--api.insecure=false" - "--api.dashboard=true" - "--providers.docker" - "--log.level=DEBUG" - '--log=true' #- "--log.level=INFO" - "--providers.docker.exposedByDefault=false" - "--providers.docker.network=server_proxynet" #Entrypoints: - "--entrypoints.http.address=:80" - "--entrypoints.https.address=:443" - "--entrypoints.postgres.address=:5432" - "--entrypoints.http.http.redirections.entrypoint.to=https" - "--entrypoints.http.http.redirections.entrypoint.scheme=https" #SSL Let's Encrypt: - "--entrypoints.https.http.tls.certResolver=${CERT_RESOLVER}" - "--certificatesresolvers.le.acme.tlschallenge=true" - "--certificatesresolvers.le.acme.email=${LE_EMAIL}" - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json" #Dashboard secure: labels: - "traefik.enable=true" - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)" - "traefik.http.routers.dashboard.entrypoints=https" - "traefik.http.routers.dashboard.tls=true" - "traefik.http.routers.dashboard.service=api@internal" - "traefik.http.routers.dashboard.middlewares=auth" - "traefik.http.middlewares.auth.basicauth.usersfile=/httpauth/usersfile.htpasswd" ports: - "80:80" - "443:443" - "5432:5432" volumes: - /var/run/docker.sock:/var/run/docker.sock - ./secrets/letsencrypt:/letsencrypt - ./secrets/httpauth:/httpauth - ./traefik/certs.yml:/traefik/certs.yml - ./secrets/selfsigned:/secrets/selfsigned logging: driver: "json-file" options: max-size: "1m"