duaadmin/Docker-Compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fe6437677b8d760e8ded18ae6ca34881dce2e0fb
Docker-Compose/traefik/docker-compose.yml
Hayden Liu fe6437677b Rename network 2
2026-02-01 15:44:55 +08:00

143 lines
5.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
services:
traefik:
image: traefik:v3.6
networks:
# Connect to the 'proxy' overlay network for inter-container communication across nodes
- proxy
ports:
# Expose Traefik's entry points to the Swarm
# Swarm requires the long syntax for ports.
- target: 80 # Container port (Traefik web entry point)
published: 80 # Host port exposed on the nodes
protocol: tcp
# 'host' mode binds directly to the node's IP where the task runs.
# 'ingress' mode uses Swarm's Routing Mesh (load balances across nodes).
# Choose based on your load balancing strategy. 'host' is often simpler if using an external LB.
mode: ingress
- target: 443 # Container port ( Traefik websecure entry point)
published: 443 # Host port
protocol: tcp
mode: ingress
environment:
- CF_DNS_API_TOKEN=${TRAEFIK_CF_DNS_API_TOKEN}
volumes:
# Mount the Docker socket for the Swarm provider
# This MUST be run from a manager node to access the Swarm API via the socket.
- /var/run/docker.sock:/var/run/docker.sock:ro # Swarm API socket
- /mnt/docker-storage/traefik/acme:/acme
# Traefik Static configuration via command-line arguments
command:
# HTTP EntryPoint
- "--entrypoints.web.address=:80"
# Configure HTTP to HTTPS Redirection
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
# HTTPS EntryPoint
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.http.tls=true"
# Certificates Resolver
- "--certificatesResolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL}"
- "--certificatesResolvers.letsencrypt.acme.storage=/acme/acme.json"
- "--certificatesResolvers.letsencrypt.acme.dnsChallenge.provider=cloudflare"
# Providers
# Enable the Docker Swarm provider (instead of Docker provider)
- "--providers.swarm.endpoint=unix:///var/run/docker.sock"
# Watch for Swarm service changes (requires socket access)
- "--providers.swarm.watch=true"
# Recommended: Don't expose services by default; require explicit labels
- "--providers.swarm.exposedbydefault=false"
# Specify the default network for Traefik to connect to services
- "--providers.swarm.network=traefik_proxy"
# API & Dashboard
- "--api.dashboard=true" # Enable the dashboard
- "--api.insecure=false" # Explicitly disable insecure API mod
# Observability
- "--log.level=INFO" # Set the Log Level e.g INFO, DEBUG
- "--accesslog=true" # Enable Access Logs
- "--metrics.prometheus=true" # Enable Prometheus
deploy:
mode: replicated
replicas: 1
placement:
# Placement constraints restrict where Traefik tasks can run.
# Running on manager nodes is common for accessing the Swarm API via the socket.
constraints:
- node.role == manager
# Traefik Dynamic configuration via labels
# In Swarm, labels on the service definition configure Traefik routing for that service.
labels:
- "traefik.enable=true"
# Dashboard router
- "traefik.http.routers.traefik.rule=HostRegexp(`traefik.apps.dua.casa`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
# Basicauth middleware
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH}"
- "traefik.http.routers.traefik.middlewares=traefik-auth@swarm"
# Service hint
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
# CERT router
- "traefik.http.routers.cert.rule=HostRegexp(`{subdomain:.+}.apps.dua.casa`)"
- "traefik.http.routers.cert.entrypoints=websecure"
- "traefik.http.routers.cert.service=noop@internal"
- "traefik.http.routers.cert.tls=true"
- "traefik.http.routers.cert.tls.certresolver=letsencrypt"
- "traefik.http.routers.cert.priority=1"
# Homepage Widget
- homepage.group=Network
- homepage.name=Traefik
- homepage.icon=sh-traefik-light
- homepage.href=https://traefik.dua.casa
- homepage.description=A modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
- homepage.widget.type=traefik
- homepage.widget.url=https://traefik.apps.dua.casa
- homepage.widget.username=admin
- homepage.widget.password=bykWvHAaQTDy0ts4ZpUAXoT9ztCNmsKg
# Deploy the Whoami application
whoami:
image: traefik/whoami
networks:
- proxy
deploy:
labels:
# Enable Service discovery for Traefik
- "traefik.enable=true"
# Define the WHoami router rule
- "traefik.http.routers.whoami.rule=Host(`whoami.apps.dua.casa`)"
# Expose Whoami on the HTTPS entrypoint
- "traefik.http.routers.whoami.entrypoints=websecure"
# Enable TLS
- "traefik.http.routers.whoami.tls=true"
- "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
# Expose the whoami port number to Traefik
- traefik.http.services.whoami.loadbalancer.server.port=80
# Define the overlay network for Swarm
networks:
proxy:
driver: overlay
attachable: true
Reference in New Issue View Git Blame Copy Permalink