clair-stack/docker-compose.tls.yml at master · ClairBerlin/clair-stack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
version: '3.8'

services:

  reverse_proxy:
    command:
      - '--providers.docker=true'
      - '--providers.docker.swarmMode=true'
      - '--providers.docker.exposedbydefault=false'
      - '--providers.docker.network=clair_frontend'
      - '--accesslog=true'
      - '--entryPoints.web.address=:80'
      - '--entryPoints.websecure.address=:443'
      - '--certificatesResolvers.leresolver.acme.email=tg@trusttheadmin.de'
      - '--certificatesResolvers.leresolver.acme.storage=/etc/traefik/acme/acme.json'
      - '--certificatesResolvers.leresolver.acme.tlsChallenge=true'
      - '--providers.file.filename=/etc/traefik/traefik_conf.yaml'
    # - '--certificatesResolvers.leresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory'
    ports:
      - target: 443
        published: 443
    configs:
      - source: traefik-conf-v1
        target: /etc/traefik/traefik_conf.yaml
    volumes:
      - "certificates:/etc/traefik/acme"

  static_frontend:
    deploy:
      labels:
        - traefik.http.routers.clair-frontend.tls=true
        - traefik.http.routers.clair-frontend.tls.domains[0].main=${CLAIR_DOMAIN}
        - traefik.http.routers.clair-frontend.tls.certresolver=leresolver
        # global redirect to https
        - traefik.http.routers.redirect.rule=hostregexp(`{host:.+}`)
        - traefik.http.routers.redirect.entrypoints=web
        - traefik.http.routers.redirect.middlewares=redirect-to-https
        # middleware redirect
        - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https

  static_frontend_como:
    deploy:
      labels:
        - traefik.http.routers.como-frontend.tls=true
        - traefik.http.routers.como-frontend.tls.domains[0].main=${COMO_DOMAIN}
        - traefik.http.routers.como-frontend.tls.certresolver=leresolver

  managair_server:
    environment:
      - HTTPS=on
    deploy:
      labels:
        - traefik.http.routers.managair-server.tls=true
        - traefik.http.routers.managair-server.tls.domains[0].main=${CLAIR_DOMAIN}
        - traefik.http.routers.managair-server.tls.certresolver=leresolver

volumes:
  certificates:

configs:
  traefik-conf-v1:
      file: ./traefik_conf.yaml