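---
# Traefik v3 edge proxy (Docker Compose), reconstructed from a flattened paste.
#
# ${DOMAIN} and ${LE_EMAIL} are interpolated by Compose when the file is parsed
# (shell environment, project .env, or --env-file). The service-level env_file
# below only sets variables inside the container and does not feed this
# interpolation. If DOMAIN is unset, the ACME storage path, the certs.yml mount
# and the dashboard Host() rule all render with an empty name; ${DOMAIN:?} would
# make that a hard error.
services:
  traefik:
    container_name: traefik
    image: traefik:v3.0.1
    restart: always
    # networks:
    #   - proxynet
    # Every variable in this file becomes visible to the proxy process.
    # Presumably it holds only what Traefik needs; verify it carries no
    # unrelated secrets.
    env_file:
      - /data/secrets/vars.env
    command:
      - "--providers.file.filename=/traefik/certs.yml"
      # Unauthenticated API listener stays off; the dashboard is reachable only
      # through the basic-auth protected router defined in the labels below.
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--providers.docker"
      # DEBUG is verbose and can put request and configuration detail into the
      # container log; switch to the INFO line below once troubleshooting ends.
      - "--log.level=DEBUG"
      - '--log=true'
      # - "--log.level=INFO"
      # Containers are routed only when they opt in with traefik.enable=true.
      - "--providers.docker.exposedByDefault=false"
      - "--providers.docker.network=proxynet"
      # Entrypoints:
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      # Raw TCP entrypoint published on every host interface (see ports). The
      # routers bound to it are not defined on this page; confirm they require
      # TLS and that the database enforces its own authentication.
      - "--entrypoints.postgres.address=:5432"
      # All plain-HTTP requests are redirected to the https entrypoint.
      - "--entrypoints.http.http.redirections.entrypoint.to=https"
      - "--entrypoints.http.http.redirections.entrypoint.scheme=https"
      # SSL Let's Encrypt:
      - "--entrypoints.https.http.tls.certResolver=le"
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      - "--certificatesresolvers.le.acme.email=${LE_EMAIL}"
      # acme.json holds the ACME account key and issued private keys.
      - "--certificatesresolvers.le.acme.storage=/letsencrypt/${DOMAIN}.acme.json"
    # Dashboard secure:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.dashboard.entrypoints=https"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.usersfile=/httpauth/usersfile.htpasswd"
    ports:
      - "80:80"
      - "443:443"
      - "5432:5432"
    volumes:
      # Read-only stops the container from replacing or removing the socket
      # file, but it does not limit which Docker API calls can be sent over it:
      # access to this socket is root-equivalent on the host. A filtering socket
      # proxy that allows only the read endpoints Traefik needs is the stronger
      # control for an internet-facing proxy.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Must stay writable: Traefik persists ACME state here.
      - /data/secrets/letsencrypt:/letsencrypt
      # Traefik only reads the htpasswd file, the dynamic config and the
      # self-signed material, so these are mounted read-only.
      - /data/secrets/httpauth:/httpauth:ro
      - /data/secrets/selfsigned/${DOMAIN}/certs.yml:/traefik/certs.yml:ro
      - /data/secrets/selfsigned:/secrets/selfsigned:ro
    logging:
      driver: "json-file"
      options:
        max-size: "1m"

  # Despite the Kubernetes-style name this is an ordinary Compose service: a
  # one-shot busybox container that creates the ACME store and restricts its
  # mode to 600 (owner read/write only).
  # Nothing on this page orders it before traefik (no depends_on), so the two
  # may start concurrently.
  # The chown targets UID/GID 65532 while the traefik service above sets no
  # `user:`; presumably a leftover from (or preparation for) running Traefik
  # as a non-root user. Confirm which UID actually needs to own the file.
  initContainers:
    container_name: volume-permissions
    image: busybox:1.36.1-glibc
    command: >
      sh -c "touch /letsencrypt/${DOMAIN}.acme.json &&
      chmod -Rv 600 /letsencrypt/* &&
      chown 65532:65532 /letsencrypt/${DOMAIN}.acme.json"
    volumes:
      - /data/secrets/letsencrypt:/letsencrypt

# Both services join the pre-existing external network "proxynet" as their
# default network; Compose will not create it.
networks:
  default:
    name: proxynet
    external: true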