docker-compose.yaml
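version: '3.9'

# Edge stack: Traefik as the reverse proxy (ACME certificates through a
# Cloudflare DNS challenge) plus two helper containers that manage Cloudflare
# DNS records (CNAME creation from router rules, and dynamic DNS).
services:
  traefik:
    # NOTE(review): ':latest' is unpinned. '--tracing.datadog' below is
    # believed to be Traefik v2 flag syntax, so an automatic major upgrade may
    # stop the proxy from starting. Pin a reviewed tag or image digest.
    image: traefik:latest
    restart: unless-stopped
    command:
      # Keep the API/dashboard off the unauthenticated built-in entrypoint;
      # it is exposed through the 'traefik-rtr' router labels instead.
      - "--api.insecure=false"
      - "--entrypoints.web.address=:80"
      # force http to https redirection
      # NOTE(review): while these two flags stay commented out, port 80
      # serves plain HTTP without redirecting to web-secure.
      # - "--entrypoints.web.http.redirections.entryPoint.to=web-secure"
      # - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web-secure.address=:443"
      - "--log.filePath=/logs/traefik.log"
      # NOTE(review): DEBUG is very verbose and can put request and
      # configuration detail into ./logs; use INFO or higher outside of
      # troubleshooting and restrict access to the log directory.
      - "--log.level=DEBUG"
      - "--log.format=json"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.file.watch=true"
      - "--providers.file.directory=/FileProvider/"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      # Containers are only routed when they carry 'traefik.enable=true'.
      - "--providers.docker.exposedbydefault=false"
      # Backend TLS certificates are verified (no skip-verify).
      - "--serverstransport.insecureskipverify=false"
      - "--certificatesresolvers.le.acme.dnschallenge=true"
      - "--certificatesresolvers.le.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.le.acme.dnschallenge.delaybeforecheck=10"
      - "--certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53"
      - "--accesslog.filepath=/logs/access.log"
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
      - "--metrics.prometheus.manualrouting=true"
      # NOTE(review): no '--entrypoints.metrics.address' flag is defined in
      # this file, so the 'metrics' entrypoint appears to be missing.
      # TODO confirm.
      - "--metrics.prometheus.entryPoint=metrics"
      - "--metrics.prometheus.addrouterslabels=true"
      - "--tracing.datadog=true"
    environment:
      # NOTE(review): both an account key (CF_API_EMAIL + CF_API_KEY) and a
      # scoped token (CF_DNS_API_TOKEN) are passed in. Presumably the DNS
      # challenge needs only one of them; prefer the scoped token and drop the
      # broader key from this container once confirmed.
      CF_API_EMAIL: "${CF_API_EMAIL}"
      CF_API_KEY: "${CF_API_KEY}"
      CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN}"
    container_name: traefik
    labels:
      - "traefik.enable=true"
      # dashboard (optional, this will be the main entrypoint for traefik dashboard)
      # NOTE(review): this router attaches no middleware, so unless one is
      # added elsewhere (e.g. via the file provider) the dashboard/API is
      # served to anyone who can reach this host name. Attach an
      # authentication or IP allow-list middleware before exposing it.
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.${CF_DOMAIN}`)"
      - "traefik.http.routers.traefik-rtr.entrypoints=web-secure"
      - "traefik.http.routers.traefik-rtr.tls=true"
      - "traefik.http.routers.traefik-rtr.tls.certresolver=le"
      - "traefik.http.routers.traefik-rtr.service=api@internal"
    ports:
      # web entrypoint
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      # web-secure entrypoint
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      # dashboard entrypoint
      # NOTE(review): 'command' defines no entrypoint on :8080 and
      # --api.insecure=false, so presumably nothing listens here; remove this
      # mapping if confirmed, to avoid publishing an unused port.
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      # So Traefik can listen to the Docker events. Mounted read-only to match
      # cf-companion. A read-only bind mount does not restrict Docker API
      # calls made over the socket, so treat this container as having
      # host-level privileges (a filtering socket proxy narrows that).
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # The dynamic configuration file
      - "./FileProvider/:/FileProvider/"
      - "./logs/:/logs/"

  # Cloudflare automatic CNAME DNS creation
  cf-companion:
    container_name: cf-companion
    # NOTE(review): third-party image on ':latest' that receives Cloudflare
    # credentials and the Docker socket; pin a reviewed tag or digest.
    image: tiredofit/traefik-cloudflare-companion:latest
    restart: unless-stopped
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      - TIMEZONE=${TZ}
      - CF_EMAIL=${CF_API_EMAIL}
      # Receives the value of CF_API_KEY (paired with CF_EMAIL above).
      - CF_TOKEN=${CF_API_KEY}
      - TARGET_DOMAIN=ddns.${CF_DOMAIN}
      - DOMAIN1=${CF_DOMAIN}
      - DOMAIN1_ZONE_ID=${CF_DOMAIN_ZONE_ID}
      - DOMAIN1_PROXIED=true
    # # Add hosts specified in rules here to force cf-companion to create the CNAMEs
    # labels:
    #   # Since cf-companion creates CNAMEs based on host rules, this a workaround for non-docker/external apps, or load balancers from fileprovider
    #   - "traefik.http.routers.cf-companion-rtr.rule=HostHeader( HostHeader(`custom.${CF_DOMAIN}`) || HostHeader(`subdomain.${CF_DOMAIN}`))"

  # Cloudflare dynamic DNS
  cf-ddns:
    container_name: cf-ddns
    # NOTE(review): third-party image on ':latest' that receives a Cloudflare
    # API token; pin a reviewed tag or digest.
    image: oznu/cloudflare-ddns:latest
    restart: unless-stopped
    environment:
      - API_KEY=${CF_DNS_API_TOKEN}
      - ZONE=${CF_DOMAIN}
      - SUBDOMAIN=ddns
      - PROXIED=true
      - RRTYPE=A
      - DELETE_ON_STOP=false
      - DNS_SERVER=1.1.1.1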