diff --git a/README.md b/README.md
index 6538dc7..856e0bb 100644
--- a/README.md
+++ b/README.md
@@ -49,7 +49,7 @@ bin/dev
 ### Production with SSL
-Use Docker Compose with Traefik for HTTPS. Clone the repo or copy `docker-compose.yml` and `config/traefik/`, then create a `.env` file:
+Use Docker Compose with Traefik for HTTPS. Only `docker-compose.yml` and a `.env` file are needed:
 **Let's Encrypt (wildcard):**
diff --git a/config/traefik/dynamic.yml b/config/traefik/dynamic.yml
deleted file mode 100644
index 2d15733..0000000
--- a/config/traefik/dynamic.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Dynamic configuration
-http:
- routers:
- uptimer:
- rule: 'Host(`{{ env "DOMAIN" }}`)'
- entryPoints:
- - '{{ env "ENTRYPOINT" "websecure" }}'
- service: uptimer
- tls:
- certResolver: letsencrypt
- domains:
- - main: '{{ env "DOMAIN" }}'
- sans:
- - '{{ env "WILDCARD_DOMAIN" }}'
-
- services:
- uptimer:
- loadBalancer:
- servers:
- - url: "http://up-timer:80"
diff --git a/config/traefik/traefik.yml b/config/traefik/traefik.yml
deleted file mode 100644
index d728497..0000000
--- a/config/traefik/traefik.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-# Static configuration
-global:
- sendAnonymousUsage: false
-
-api:
- dashboard: false
-
-entryPoints:
- web:
- address: ":80"
- http:
- redirections:
- entryPoint:
- to: websecure
- scheme: https
- websecure:
- address: ":443"
-
-providers:
- file:
- filename: /etc/traefik/dynamic.yml
- watch: true
-
-certificatesResolvers:
- letsencrypt:
- acme:
- email: '{{ env "LETSENCRYPT_EMAIL" }}'
- storage: /letsencrypt/acme.json
- dnsChallenge:
- provider: '{{ env "DNS_PROVIDER" "cloudflare" }}'
- resolvers:
- - "1.1.1.1:53"
- - "8.8.8.8:53"
diff --git a/docker-compose.yml b/docker-compose.yml
index c3f9a54..4b8eca8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,16 +6,21 @@ services:
 - "80:80"
 - "443:443"
 volumes:
- - ./config/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
- - ./config/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
 - traefik-certs:/letsencrypt
 environment:
- - ENTRYPOINT=${ENTRYPOINT:-websecure}
- - DNS_PROVIDER=${DNS_PROVIDER:-cloudflare}
 - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
- - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
- - DOMAIN=${DOMAIN}
- - WILDCARD_DOMAIN=${WILDCARD_DOMAIN}
+ command:
+ - "--global.sendAnonymousUsage=false"
+ - "--api.dashboard=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ - "--entrypoints.websecure.address=:443"
+ - "--providers.docker"
+ - "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+ - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${DNS_PROVIDER:-cloudflare}"
 restart: unless-stopped
 up-timer:
@@ -38,7 +43,7 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.uptimer.rule=Host(`${DOMAIN}`)"
- - "traefik.http.routers.uptimer.entrypoints=websecure"
+ - "traefik.http.routers.uptimer.entrypoints=${ENTRYPOINT:-websecure}"
 - "traefik.http.routers.uptimer.tls.certresolver=letsencrypt"
 restart: unless-stopped
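Review bot: The added `/var/run/docker.sock:/var/run/docker.sock:ro` volume in the first docker-compose.yml hunk gives the container that publishes ports 80 and 443 the full Docker Engine API. The `:ro` suffix only makes the mount of the socket file read-only and does not restrict which API calls succeed, so a compromise of the proxy is effectively root on the host. Consider pointing the provider at a filtering socket proxy that permits only the read-only container endpoints, with `- "--providers.docker.endpoint=tcp://<socket-proxy-host>:2375"` (placeholder host), instead of mounting the socket into this service. `--providers.docker` is also enabled without `- "--providers.docker.exposedbydefault=false"`, so under Traefik's default any other container on the host that lacks `traefik.enable=false` would get a route; adding that flag keeps routing opt-in, matching the `traefik.enable=true` label on up-timer. The service definition starts above the hunk, so its name and image are not visible here.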
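Review bot: The router labels in the second docker-compose.yml hunk carry only `tls.certresolver`, whereas the deleted config/traefik/dynamic.yml also set `tls.domains` with `main` and `sans`, and `WILDCARD_DOMAIN` is no longer passed anywhere in the visible compose lines. Traefik will then presumably request a certificate for the `Host()` name alone, while the README section is still headed "Let's Encrypt (wildcard)". If the wildcard certificate is still intended, add `- "traefik.http.routers.uptimer.tls.domains[0].main=${DOMAIN}"` and `- "traefik.http.routers.uptimer.tls.domains[0].sans=${WILDCARD_DOMAIN}"`; otherwise the README should stop asking for `WILDCARD_DOMAIN`. The explicit DNS-challenge `resolvers` from the deleted traefik.yml are likewise not carried over into the new `command:` list, which is worth confirming as deliberate.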