traefik
version: '3'
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /opt/traefik/data/traefik.yml:/traefik.yml:ro
- /opt/traefik/ssl/acme.json:/acme.json
- /opt/traefik/custom/:/custom/:ro
networks:
- web
- internal
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.traefik.entrypoints=http'
- 'traefik.http.routers.traefik.rule=Host(`traefik_url`)'
- 'traefik.http.middlewares.traefik-auth.basicauth.users=root:password'
- 'traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https'
- 'traefik.http.routers.traefik.middlewares=traefik-https-redirect'
- 'traefik.http.routers.traefik-secure.entrypoints=https'
- 'traefik.http.routers.traefik-secure.rule=Host(`traefik_url`)'
- 'traefik.http.routers.traefik-secure.middlewares=traefik-auth'
- 'traefik.http.routers.traefik-secure.tls=true'
- 'traefik.http.routers.traefik-secure.tls.certresolver=http'
- 'traefik.http.routers.traefik-secure.service=api@internal'
networks:
web:
external: true
internal:
external: false
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
directory: /custom
watch: true
certificatesResolvers:
http:
acme:
email: mail@3err0.ru
storage: acme.json
httpChallenge:
entryPoint: http
- custom_service.yaml in custom directory
ttp:
routers:
custom-secure:
rule: "Host(`url_service`)"
service: "custom-service"
entrypoints: ["https"]
middlewares:
- "custom-https-redirect"
tls:
certResolver: "http"
psw:
rule: "Host(`url_service`)"
entrypoints: ["http"]
middlewares:
- "custom-https-redirect"
service: "custom-service"
middlewares:
custom-https-redirect:
redirectScheme:
scheme: "https"
permanent: true
services:
custom-service:
loadBalancer:
servers:
- url: "http://service:80"
