sfcal/gist:6e045c8850b059a7f13b34ec3a2c9c26

## gistfile1.txt
  # Traefik 2 - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:chevrotin # the chevrotin tag refers to v2.2.x
    restart: unless-stopped
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
      - --entryPoints.traefik.address=:8080
      - --api=true
      # - --api.insecure=true
      # - --serversTransport.insecureSkipVerify=true
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      # - --providers.docker.defaultrule=HostHeader(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      # Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services.
      - --entrypoints.https.http.tls.certresolver=dns-cloudflare
      - --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME
      - --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME
      # - --entrypoints.https.http.tls.domains[1].main=$DOMAIN # Pulls main cert for second domain
      # - --entrypoints.https.http.tls.domains[1].sans=*.$DOMAIN # Pulls wildcard cert for second domain
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
      # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
    networks:
      t2_proxy:
        ipv4_address: 192.168.254.254 # You can specify a static IP
    # networks:
    #   - t2_proxy
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - $DOCKERDIR/traefik2/rules:/rules # file provider directory
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $DOCKERDIR/traefik2/acme/acme.json:/acme.json # cert location - you must touch this file and change permissions to 600
      - $DOCKERDIR/traefik2/traefik.log:/traefik.log # for fail2ban - make sure to touch file before starting the container
      - $DOCKERDIR/shared:/shared
    environment:
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - "traefik.enable=true"
      ## HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      ## HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=HostHeader(`traefik.$DOMAINNAME`)"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"
	# Traefik 2 - Reverse Proxy
	traefik:
	container_name: traefik
	image: traefik:chevrotin # the chevrotin tag refers to v2.2.x
	restart: unless-stopped
	command: # CLI arguments
	- --global.checkNewVersion=true
	- --global.sendAnonymousUsage=true
	- --entryPoints.http.address=:80
	- --entryPoints.https.address=:443
	# Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
	- --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
	- --entryPoints.traefik.address=:8080
	- --api=true
	# - --api.insecure=true
	# - --serversTransport.insecureSkipVerify=true
	- --log=true
	- --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
	- --accessLog=true
	- --accessLog.filePath=/traefik.log
	- --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
	- --accessLog.filters.statusCodes=400-499
	- --providers.docker=true
	- --providers.docker.endpoint=unix:///var/run/docker.sock
	# - --providers.docker.defaultrule=HostHeader(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
	- --providers.docker.exposedByDefault=false
	# Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services.
	- --entrypoints.https.http.tls.certresolver=dns-cloudflare
	- --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME
	- --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME
	# - --entrypoints.https.http.tls.domains[1].main=$DOMAIN # Pulls main cert for second domain
	# - --entrypoints.https.http.tls.domains[1].sans=*.$DOMAIN # Pulls wildcard cert for second domain
	- --providers.docker.network=t2_proxy
	- --providers.docker.swarmMode=false
	- --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
	# - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
	- --providers.file.watch=true # Only works on top level files in the rules folder
	# - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
	- --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
	- --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
	- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
	- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
	- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
	networks:
	t2_proxy:
	ipv4_address: 192.168.254.254 # You can specify a static IP
	# networks:
	# - t2_proxy
	security_opt:
	- no-new-privileges:true
	ports:
	- target: 80
	published: 80
	protocol: tcp
	mode: host
	- target: 443
	published: 443
	protocol: tcp
	mode: host
	- target: 8080
	published: 8080
	protocol: tcp
	mode: host
	volumes:
	- $DOCKERDIR/traefik2/rules:/rules # file provider directory
	- /var/run/docker.sock:/var/run/docker.sock:ro
	- $DOCKERDIR/traefik2/acme/acme.json:/acme.json # cert location - you must touch this file and change permissions to 600
	- $DOCKERDIR/traefik2/traefik.log:/traefik.log # for fail2ban - make sure to touch file before starting the container
	- $DOCKERDIR/shared:/shared
	environment:
	- CF_API_EMAIL=$CLOUDFLARE_EMAIL
	- CF_API_KEY=$CLOUDFLARE_API_KEY
	labels:
	- "traefik.enable=true"
	## HTTP-to-HTTPS Redirect
	- "traefik.http.routers.http-catchall.entrypoints=http"
	- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
	- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
	- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
	## HTTP Routers
	- "traefik.http.routers.traefik-rtr.entrypoints=https"
	- "traefik.http.routers.traefik-rtr.rule=HostHeader(`traefik.$DOMAINNAME`)"
	## Services - API
	- "traefik.http.routers.traefik-rtr.service=api@internal"
	## Middlewares
	- "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"
No results found