proxy/docker-compose.yml at master · arscrift/proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
version: '3.7'

services:
  traefik:
    image: traefik:v2.0.6
    command:
      - --providers.docker
      - --providers.docker.swarmMode=true
      - --providers.docker.network=traefik-public
      - --providers.docker.watch
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      - --certificatesresolvers.leresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
      - --certificatesResolvers.leresolver.acme.email=${EMAIL?Variable EMAIL not set}
      - --certificatesResolvers.leresolver.acme.storage=/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
      - --log.level=DEBUG
      - --log.filePath=/var/log/traefik.log
      - --log.format
      - --accesslog=true
      - --accesslog.filepath=/var/log/access.log
      - --accesslog.bufferingsize=100
      - --metrics.prometheus=true
      - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0
      - --metrics.prometheus.addServicesLabels=true
      - --api
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    deploy:
      replicas: ${TRAEFIK_REPLICAS:-3}
      placement:
        constraints:
          - node.role == manager
        preferences:
          - spread: node.id
      labels:
        # Dashboard
        - "traefik.http.routers.traefik.rule=Host(`traefik.arscrift.digital`)"
        - "traefik.http.routers.traefik.middlewares=auth"
        - "traefik.http.middlewares.auth.basicauth.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}"
        - "traefik.http.routers.traefik.service=api@internal"
        - "traefik.http.services.traefik.loadbalancer.server.port=8080"
        # Traefik service that listens to HTTPS"
        - "traefik.http.routers.traefik.entrypoints=websecure"
        - "traefik.http.routers.traefik.tls.certresolver=leresolver"
        # Traefik redirect to HTTPS
        - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
        - "traefik.http.routers.http-catchall.entrypoints=web"
        - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
        - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ~/acme.json:/acme.json
      - ~/traefik.log:/var/log/traefik.log
    networks:
      - default
      - traefik-public

  portainer:
    image: portainer/portainer
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - portainer-data:/data
    networks:
      - default
      - traefik-public
      - private
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.http.routers.portainer.rule=Host(`portainer.arscrift.digital`)"
        - "traefik.http.routers.portainer.service=portainer"
        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
        - "traefik.http.routers.portainer.tls.certresolver=leresolver"
        - "traefik.http.routers.portainer.entrypoints=websecure"

  agent:
    image: portainer/agent
    environment:
      AGENT_CLUSTER_ADDR: tasks.agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - private
    deploy:
      mode: global
      placement:
        constraints:
          - node.platform.os == linux

volumes:
  portainer-data:

networks:
  traefik-public:
    external: true
  private:
    driver: overlay