-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathdocker-compose.container.yml
58 lines (56 loc) · 2.01 KB
/
docker-compose.container.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# Define which version of docker-compose file you are using.
version: '3.7'
# Traefik Docker Stack for Docker Swarm.
services:
# Traefik Reverse-Proxy Service
traefik:
image: traefik:v1.7
container_name: ${SERVICE_NAME}
networks:
- traefik-proxy-network
labels:
- traefik.frontend.rule=Host:traefik.${DOMAIN}
- traefik.docker.network:proxy-net
- traefik.port=8080
- traefik.enable=true
# If you want to password protect this service. Also, Docker Secrets may be better for this
# and the acme.json file.
# - traefik.frontend.auth.basic.users=${USERNAME}:${HASHED_PASSWORD}
ports:
- 80:80
- 443:443
# Note: It is know to big a vulnerability to mount Docker host Docker socket into a container
# because this can give container root user access to root user in host. There are workarounds
# to make Traefik work without this, but then the automatic service discovery doesn't work and
# you have to manually configure Traefik.
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik:/etc/traefik
# Note: The --acme.tlsChallenge flag may be different for everyone's use case
# and may require other flags.
# I suggest looking through the Traefik Documentation to decide which kind of
# ACME Challenge is best for you.
# https://docs.traefik.io/configuration/acme/#acme-challenge
command: >
--docker
--docker.watch
--docker.exposedbydefault=false
--api
--logLevel=INFO
--accessLog
--accessLog.filePath=/etc/traefik/logs/access.log
--accessLog.format=json
--traefikLog
--traefikLog.filePath=/etc/traefik/logs/traefik.log
--traefikLog.format=json
--acme
--acme.email=${EMAIL}
--acme.storage="/etc/traefik/acme.json"
--acme.entrypoint=https
--acme.tlsChallenge
--acme.onhostrule=true
--acme.acmelogging=true
# Traefik Docker Networks for Docker Swarm
networks:
traefik-proxy-network:
name: proxy-net