40 lines
1.6 KiB
Docker
40 lines
1.6 KiB
Docker
# docker stack deploy -c traefik.yml traefik
|
|
|
|
services:
|
|
traefik:
|
|
image: traefik:${VERSION:-v2.11.3}
|
|
command:
|
|
- --log.level=${LOGLEVEL:-ERROR}
|
|
- --providers.docker
|
|
- --providers.docker.network=traefik-net
|
|
- --providers.docker.exposedByDefault=false
|
|
- --providers.docker.swarmMode=true
|
|
- --providers.docker.endpoint=unix:///var/run/docker.sock
|
|
- --entrypoints.https.proxyProtocol.trustedIPs=${TRUSTED_IPS:-127.0.0.1}
|
|
- --entrypoints.https.forwardedHeaders.trustedIPs=${TRUSTED_IPS:-127.0.0.1}
|
|
- --entrypoints.https.address=:443
|
|
- --entrypoints.http.address=:80
|
|
- --entrypoints.http.proxyProtocol.trustedIPs=${TRUSTED_IPS:-127.0.0.1}
|
|
- --entrypoints.http.forwardedHeaders.trustedIPs=${TRUSTED_IPS:-127.0.0.1}
|
|
- --entrypoints.http.http.redirections.entryPoint.to=https
|
|
- --entrypoints.http.http.redirections.entryPoint.scheme=https
|
|
- --entrypoints.http.http.redirections.entrypoint.permanent=true
|
|
- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
|
|
- --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL:-admin@example.com}
|
|
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
|
|
volumes:
|
|
- ${VOLUME_PATH}letsencrypt:/letsencrypt
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
ports:
|
|
- {target: 80, published: 80, mode: host, protocol: tcp}
|
|
- {target: 443, published: 443, mode: host, protocol: tcp}
|
|
deploy:
|
|
mode: ${MODE:-replicated}
|
|
|
|
volumes:
|
|
letsencrypt:
|
|
|
|
networks:
|
|
default:
|
|
external: true
|
|
name: traefik-net
|