From ea15c97a9d45145326caf2d78fe094fc3c8264c3 Mon Sep 17 00:00:00 2001
From: leo <426742@gmail.com>
Date: Sun, 14 Jul 2024 23:30:09 +0000
Subject: [PATCH] create
---
README.md | 3 ++
docker-compose.yml | 69 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 72 insertions(+)
create mode 100644 README.md
create mode 100644 docker-compose.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3d50c3f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+
+### Traefik
+*docker configuration*
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..1c9d003
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,69 @@
+services:
+ traefik:
+ container_name: traefik
+ image: traefik:v3.0.1
+ restart: always
+ #networks:
+ #- proxynet
+ env_file:
+ - /data/secrets/vars.env
+ command:
+ - "--providers.file.filename=/traefik/certs.yml"
+ - "--api.insecure=false"
+ - "--api.dashboard=true"
+ - "--providers.docker"
+ - "--log.level=DEBUG"
+ - '--log=true'
+ #- "--log.level=INFO"
+ - "--providers.docker.exposedByDefault=false"
+ - "--providers.docker.network=proxynet"
+ #Entrypoints:
+ - "--entrypoints.http.address=:80"
+ - "--entrypoints.https.address=:443"
+ - "--entrypoints.postgres.address=:5432"
+ - "--entrypoints.http.http.redirections.entrypoint.to=https"
+ - "--entrypoints.http.http.redirections.entrypoint.scheme=https"
+ #SSL Let's Encrypt:
+ - "--entrypoints.https.http.tls.certResolver=le"
+ - "--certificatesresolvers.le.acme.tlschallenge=true"
+ - "--certificatesresolvers.le.acme.email=${LE_EMAIL}"
+ - "--certificatesresolvers.le.acme.storage=/letsencrypt/${DOMAIN}.acme.json"
+ #Dashboard secure:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
+ - "traefik.http.routers.dashboard.entrypoints=https"
+ - "traefik.http.routers.dashboard.tls=true"
+ - "traefik.http.routers.dashboard.service=api@internal"
+ - "traefik.http.routers.dashboard.middlewares=auth"
+ - "traefik.http.middlewares.auth.basicauth.usersfile=/httpauth/usersfile.htpasswd"
+ ports:
+ - "80:80"
+ - "443:443"
+ - "5432:5432"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /data/secrets/letsencrypt:/letsencrypt
+ - /data/secrets/httpauth:/httpauth
+ - /data/secrets/selfsigned/${DOMAIN}/certs.yml:/traefik/certs.yml
+ - /data/secrets/selfsigned:/secrets/selfsigned
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ initContainers:
+ container_name: volume-permissions
+ image: busybox:1.36.1-glibc
+
+ command: >
+ sh -c "touch /letsencrypt/${DOMAIN}.acme.json &&
+ chmod -Rv 600 /letsencrypt/* &&
+ chown 65532:65532 /letsencrypt/${DOMAIN}.acme.json"
+ volumes:
+ - /data/secrets/letsencrypt:/letsencrypt
+
+networks:
+ default:
+ name: proxynet
+ external: true
\ No newline at end of file
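Review bot: The `volumes` entry `- /var/run/docker.sock:/var/run/docker.sock` hands the container that publishes ports 80, 443 and 5432 a writable handle on the Docker API, which is root-equivalent on the host if Traefik is ever compromised. At minimum mount it as `- /var/run/docker.sock:/var/run/docker.sock:ro`, though that only protects the socket file itself; the stronger fix is to point `--providers.docker.endpoint` at a socket proxy that exposes only the read-only endpoints Traefik needs. Separately, `--log.level=DEBUG` is active while the `INFO` line is commented out, so switch back to `- "--log.level=INFO"` before this serves real traffic. `initContainers` appears to be declared as an ordinary service with no `depends_on` from `traefik`, so the chmod/chown of the ACME file is not guaranteed to run before Traefik starts.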