mirror of
https://github.com/Haxxnet/Compose-Examples
synced 2025-02-22 16:22:14 +00:00
57 lines
1.9 KiB
YAML
57 lines
1.9 KiB
YAML
services:
|
|
|
|
traefik:
|
|
image: traefik:v3.3
|
|
container_name: traefik
|
|
restart: always
|
|
ports:
|
|
- 80:80/tcp # http
|
|
- 443:443/tcp # https
|
|
- 443:443/udp # https http3 quic
|
|
- 127.0.0.1:8080:8080 # http api dashboard
|
|
expose:
|
|
- 80 # http
|
|
- 443 # https
|
|
- 8080 # http api dashboard
|
|
volumes:
|
|
#- /var/run/docker.sock:/var/run/docker.sock:ro # better use socket-proxy instead
|
|
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik:/etc/traefik/ # put the provided traefik.yml and fileConfig.yml files at this location
|
|
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/logs
|
|
environment:
|
|
- TZ=Europe/Berlin
|
|
- CF_DNS_API_TOKEN=MyCloudflareApiToken # change this if you use Cloudflare
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.api.rule=Host(`traefik.example.com`) # Define the subdomain for the traefik dashboard.
|
|
- traefik.http.routers.api.service=api@internal # Enable Traefik API.
|
|
- traefik.http.routers.api.middlewares=local-ipwhitelist@file,basic-auth@file # protect dashboard with basic auth and restrict access to private class subnets only
|
|
#- traefik.http.middlewares.basic-auth-global.basicauth.users=admin:$$apr1$$epoKf5li$$QfTMJZOCS/halv3CiIUEu0 # protect the traefik dashboard by basic auth (pw=password)
|
|
extra_hosts:
|
|
- host.docker.internal:172.17.0.1
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
networks:
|
|
- proxy
|
|
- docker-proxynet
|
|
|
|
socket-proxy:
|
|
image: lscr.io/linuxserver/socket-proxy:1.26.2
|
|
container_name: socket-proxy
|
|
environment:
|
|
- CONTAINERS=1
|
|
- EVENTS=1
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
networks:
|
|
- docker-proxynet
|
|
restart: always
|
|
read_only: true
|
|
tmpfs:
|
|
- /run
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
docker-proxynet:
|
|
internal: true
|