Compose-Examples/examples/traefik/docker-compose.yml

services:

  traefik:
    image: traefik:v3.3
    container_name: traefik
    restart: always
    ports:
      - 80:80/tcp # http
      - 443:443/tcp # https
      - 443:443/udp # https http3 quic
      - 127.0.0.1:8080:8080 # http api dashboard
    expose:
      - 80 # http
      - 443 # https
      - 8080 # http api dashboard
    volumes:
      #- /var/run/docker.sock:/var/run/docker.sock:ro # better use socket-proxy instead
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik:/etc/traefik/ # put the provided traefik.yml and fileConfig.yml files at this location
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/logs
    environment:
      - TZ=Europe/Berlin
      - CF_DNS_API_TOKEN=MyCloudflareApiToken # change this if you use Cloudflare
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`traefik.example.com`) # Define the subdomain for the traefik dashboard.
      - traefik.http.routers.api.service=api@internal # Enable Traefik API.
      - traefik.http.routers.api.middlewares=local-ipwhitelist@file,basic-auth@file # protect dashboard with basic auth and restrict access to private class subnets only
      #- traefik.http.middlewares.basic-auth-global.basicauth.users=admin:$$apr1$$epoKf5li$$QfTMJZOCS/halv3CiIUEu0 # protect the traefik dashboard by basic auth (pw=password)
    extra_hosts:
      - host.docker.internal:172.17.0.1
    security_opt:
      - no-new-privileges:true      
    networks:
      - proxy
      - docker-proxynet

  socket-proxy:
    image: lscr.io/linuxserver/socket-proxy:1.26.2
    container_name: socket-proxy
    environment:
      - CONTAINERS=1
      - EVENTS=1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - docker-proxynet
    restart: always
    read_only: true
    tmpfs:
      - /run

networks:
  proxy:
    external: true
  docker-proxynet:
    internal: true
clean commit 2023-02-15 21:45:31 +00:00			`services:`
fix: remove deprecated compose version tag 2024-11-04 12:08:51 +00:00
clean commit 2023-02-15 21:45:31 +00:00			`traefik:`
chore: upgrade traefik to 3.3 2025-01-07 23:46:25 +00:00			`image: traefik:v3.3`
clean commit 2023-02-15 21:45:31 +00:00			`container_name: traefik`
chore: adjust traefik 2025-02-19 14:45:45 +00:00			`restart: always`
clean commit 2023-02-15 21:45:31 +00:00			`ports:`
fix: remove deprecated compose version tag 2024-11-04 12:08:51 +00:00			`- 80:80/tcp # http`
			`- 443:443/tcp # https`
			`- 443:443/udp # https http3 quic`
			`- 127.0.0.1:8080:8080 # http api dashboard`
			`expose:`
			`- 80 # http`
			`- 443 # https`
			`- 8080 # http api dashboard`
clean commit 2023-02-15 21:45:31 +00:00			`volumes:`
chore: use socket-proxy for traefik 2025-02-19 15:13:51 +00:00			`#- /var/run/docker.sock:/var/run/docker.sock:ro # better use socket-proxy instead`
add env 'DOCKER_VOLUME_STORAGE' for volume path customization 2023-02-25 13:09:52 +00:00			`- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik:/etc/traefik/ # put the provided traefik.yml and fileConfig.yml files at this location`
			`- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/logs`
clean commit 2023-02-15 21:45:31 +00:00			`environment:`
			`- TZ=Europe/Berlin`
Update docker-compose.yml add CF env 2024-01-13 19:14:28 +00:00			`- CF_DNS_API_TOKEN=MyCloudflareApiToken # change this if you use Cloudflare`
clean commit 2023-02-15 21:45:31 +00:00			`labels:`
			`- traefik.enable=true`
			- traefik.http.routers.api.rule=Host(`traefik.example.com`) # Define the subdomain for the traefik dashboard.
			`- traefik.http.routers.api.service=api@internal # Enable Traefik API.`
Update docker-compose.yml 2023-02-19 12:49:32 +00:00			`- traefik.http.routers.api.middlewares=local-ipwhitelist@file,basic-auth@file # protect dashboard with basic auth and restrict access to private class subnets only`
			`#- traefik.http.middlewares.basic-auth-global.basicauth.users=admin:$$apr1$$epoKf5li$$QfTMJZOCS/halv3CiIUEu0 # protect the traefik dashboard by basic auth (pw=password)`
clean commit 2023-02-15 21:45:31 +00:00			`extra_hosts:`
			`- host.docker.internal:172.17.0.1`
chore: Update docker-compose.yml 2025-02-19 16:01:30 +00:00			`security_opt:`
			`- no-new-privileges:true`
fix: remove deprecated compose version tag 2024-11-04 12:08:51 +00:00			`networks:`
chore: adjust traefik 2025-02-19 14:45:45 +00:00			`- proxy`
chore: use socket-proxy for traefik 2025-02-19 15:13:51 +00:00			`- docker-proxynet`

			`socket-proxy:`
			`image: lscr.io/linuxserver/socket-proxy:1.26.2`
			`container_name: socket-proxy`
			`environment:`
			`- CONTAINERS=1`
			`- EVENTS=1`
			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock:ro`
			`networks:`
			`- docker-proxynet`
			`restart: always`
			`read_only: true`
			`tmpfs:`
			`- /run`
clean commit 2023-02-15 21:45:31 +00:00
			`networks:`
			`proxy:`
chore: upgrade traefik 2024-11-28 17:31:57 +00:00			`external: true`
chore: use socket-proxy for traefik 2025-02-19 15:13:51 +00:00			`docker-proxynet:`
			`internal: true`