Update docker-compose.yml

docker-compose.yml

@@ -1,21 +1,54 @@
+secrets:
+  cf-token:
+    file: ./cf-token
 services:
-
   traefik:
-    image: "traefik:v3.4"
+    image: traefik:3.4 # or traefik:v3.3 to pin a version
-    container_name: "traefik"
+    container_name: traefik
-    command:
+    restart: unless-stopped
-      #- "--log.level=DEBUG"
+    security_opt:
-      - "--api.insecure=true"
+      - no-new-privileges:true # helps to increase security
-      - "--providers.docker=true"
+    secrets:
-      - "--providers.docker.exposedbydefault=false"
+      - cf-token # the secret at the top of this file
-      - "--entryPoints.websecure.address=:443"
+    env_file:
-      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - .env # store other secrets e.g., dashboard password
-      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+    networks:
-      - "--certificatesresolvers.myresolver.acme.email=jeremymigonis@gmail.com"
+       proxy:
-      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
     ports:
-      - "443:443"
+      - 80:80
-      - "8080:8080"
+      - 443:443
+     # - 10000:10000 # optional
+     # - 33073:33073 # optional
+    environment:
+      - TRAEFIK_DASHBOARD_CREDENTIALS=${TRAEFIK_DASHBOARD_CREDENTIALS}
+      # - CF_API_EMAIL=your@email.com # Cloudflare email
+      # - CF_DNS_API_TOKEN=YOUR-TOKEN # Cloudflare API Token
+      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf-token # see https://doc.traefik.io/traefik/https/acme/#providers
+      # token file is the proper way to do it
     volumes:
-      - "./letsencrypt:/letsencrypt"
+      - /etc/localtime:/etc/localtime:ro
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /home/localadmin/docker/traefik/traefik.yaml:/traefik.yaml:ro
+      - /home/localadmin/docker/traefik/acme.json:/acme.json
+      - /home/localadmin/docker/traefik/config.yaml:/config.yaml:ro
+      - /home/localadmin/docker/traefik/logs:/var/log/traefik
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.entrypoints=http"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.migonis.dom`)"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
+      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
+      - "traefik.http.routers.traefik-secure.entrypoints=https"
+      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.migonis.dom`)"
+      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
+      - "traefik.http.routers.traefik-secure.tls=true"
+      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
+      - "traefik.http.routers.traefik-secure.tls.domains[0].main=migonis.tech"
+      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.migonis.tech"
+      - "traefik.http.routers.traefik-secure.service=api@internal"
+
+networks:
+  proxy:
+    external: true # or comment this line to auto create the network